Unit 1: Contents

 Introduction to SOA , Defining SOA, Necessity of SOA.

 SOA timeline from XML to Web services to SOA
 History about XML
 Web Services and SOA
 Service Oriented Enterprise (SOE)
 Analyze the past architectures
 Scope Of SOA, SOA Reference Model
 Key Service characteristics of SOA
 Anatomy(The study of the structure) of SOA, SOA architecture
 Components in SOA interrelate
 SOA component and specific behaviors
 Relationships among these components
 Technical Benefits of SOA, Business Benefits of SOA
 Principles of service orientation

SOA - Overview
What is Service Oriented Architecture (SOA)?
The Service Oriented Architecture is an architectural design which includes collection of services
in a network which communicate with each other. The complication of each service is not
noticeable to other service. The service is a kind of operation which is well defined, self contained
that provides separate functionality such as checking customer account details, printing bank
statements etc and does not depend on the sate of other services.
History
The first report published on SOA by the analysts Roy W.Schulte and Yefim V.Natis in 1996.
Why to use SOA?
 SOA is widely used in market which responds quickly and makes effective changes according
to market situations.
 The SOA keep secret the implementation details of the subsystems.
 It allows interaction of new channels with customers, partners and suppliers.
 It authorizes the companies to select software or hardware of their choice as it acts as
platform independence.
Features
 SOA uses interfaces which solves the difficult integration problems in large systems.
 SOA communicates customers, providers and suppliers with messages by using the XML
schema.
 It uses the message monitoring to improve the performance measurement and detects the
security attacks.
 As it reuses the service, there will be lower software development and management costs.

Advantages
 SOA allows reuse the service of an existing system alternately building the new system.
 It allows plugging in new services or upgrading existing services to place the new business
requirements.
 It can enhance the performance, functionality of a service and easily makes the system
upgrade.
 SOA has capability to adjust or modify the different external environments and large
applications can be managed easily.
 The companies can develop applications without replacing the existing applications.
 It provides reliable applications in which you can test and debug the independent services
easily as compared to large number of code.
Disadvantages

 SOA requires high investment cost (means large investment on technology, development and
human resource).
 There is greater overhead when a service interacts with another service which increases the
response time and machine load while validating the input parameters.
 SOA is not suitable for GUI (graphical user interface) applications which will become more
complex when the SOA requires the heavy data exchange.

SOA – Blueprint
Description
The SOA blueprint contains some following goals:
 Requirements of design principles
 Specific tasks of design principles
 Interaction of services
 Details of integration scenario
 Templates for the specific tasks
SOA Blueprints Concepts
The following figure shows SOA blueprint with different concpets:
Considerations in SOA
There are some considerations must be covered in SOA:
Infrastructure
 Accessible of requirements
 Performance requirements
 Platform for system

Architecture
 Models of domain and service
 Organization of services
 Process of integrating the structure
 Quality of the service
 Message exchange patterns
Development
 Design guidelines for project development
 Required tools for project
 Validation and modification required things
 Handling errors
 Security for service access
Administration
 Managing and building
 Testing and deploying the project
 Location of data stored and registering the application
The following figure shows SOA blueprint with different classes:
SOA contains the main functions of blueprint which are called as Programs and BAM.
Programs

The programs are associated with departmental issues which manages the development,
monitoring and operation of the SOA. The programs include some areas such as managing
services, operation and implementation of service domains, roles of SOA project,
conversion between roles and tasks.
Business Activity Monitoring (BAM)

The business activity monitoring functionality can be used by the products to display the
runtime details in the graphical system. The BAM products includes adapters or sensors
which are used to access the data using the Java, PL/SQL and other languages.
View Layer

The view layer provides two types of applications; one is Rich Client application and another
one is Web Client application. The rich client application processes the data on the client
side and contains some locally installed programs little network resources dependence. The
web client is a client server side component which contains applications running on user's
computer and connected to server.
Application Server

The application server includes some functionality such as workflow, rules, registry, CEP,
ESB, services and systems.
Workflow

The workflow is used when there is an interaction between human and implementation which is
done through the XPDL (XML Process Definition Language). The BPEL (Business Process
Execution Language) was used for runnable processes. When there is an upgrade in human
interaction feature by using the WS-HumanTask and WS-BPEL4People specifications, results in
blur boundaries of automated service calls.
Rules

The rules can be modified or changed commonly at run time when they are not incorporated in
the system. You can define the rules which are based on the system or natural language, before
becoming accessible by using the interfaces such as Java, Web service etc. The products
contains rules like JBoss rules, WebSphere ILOG rules, Visual rules and Oracle business rules.
CEP
The CEP stands for Complex Event Processing which allows to browse event streams based on
the certain pattern which can be uncorrelated in time or content. The Continuous Query
Language (CQL) language contains SQL-style query language which attaches the elements for
organizing the data streams to the SQL language constructs.

BAM- Business Activity Monitoring

ESB - Enterprise Service Bus

CEP- Complex Event Processing

ESB

The ESB stands for Enterprise Service Bus which gives patterns that are liable for the tasks and
ranges from routing to reachability, allow the interaction between message and protocol
transformation and manages the SOA environment. The ESB is placed between service
provider and consumer which is used for service virtualization. The services and systems are
attached to the ESB.
Service Oriented Enterprise (SOE)
The objective of Service Oriented Enterprise (SOE) is to present the principles and fundamental
underpinnings of Web Services and Service Oriented Architectures (SOA). Special emphasis will
be given to service definitions, service assembly, modeling, web services programming and
design aspects of real-life applications in manufacturing. The course will examine the use of
process and data integration techniques to develop SOA-based applications and help students
illustrate and justify the use of analysis/design principles and guidelines in SOA application
development solutions. Prior knowledge of databases and XML-programming is required.

Service Oriented Architecture (SOA)

After completing this course, you will be able to:

 Distinguish between the types, properties of services and best practices necessary for
developing SOA-based applications and justify potential solutions;
 Explain the use of process and data integration techniques to develop SOA-based applications;
 Explain and justify the use of analysis/design principles and guidelines in SOA application
development solutions;
 Design and appraise software services in terms of operational requirements and quality criteria
for enterprises.
Content of Service Oriented Enterprise
A Service Oriented Enterprise (SOE) as an organization whose business processes and IT
infrastructure are integrated across the entire enterprise to deliver on-demand services to
customers, partners and suppliers. Service Oriented Architecture is a logical way of designing a
complex, distributed software system by providing software services to either end-user
applications or to other services distributed in the Internet, via published and discover-able
interfaces.
This course covers the fundamental aspects and modelling of Web services and the development
of applications on the basis of Service Oriented Architectures for enabling a Service Oriented
Enterprise. In particular, it covers the following topics:
 Distributed Computing Overview;
 Describing Web Services and Business Processes;
 Introduction to Web services programming languages;
 Workflow Systems;
 Service Modelling;
 Service Design;
 Business Processes;
 Enterprise Service Bus;
 Introduction to Cloud Computing and Services.

SOA - Service Categories

Description
The service is a kind of operation which is well defined, self contained that performs a specific
task.
The following figure shows SOA service categories:

The service can be categorized into following ways:

Entity Service
The entity services include entities of customer such as purchase order, insurance policy, invoice
of order, ordered date etc in which you can perform CRUD operations such as Create, Read,
Delete and Update on the entities. These services provide information of the business process
stored in the databases and handle the business entities.
Task Service
The task service adds the business logic to other services and due to its focus on business entity,
it contains low amount of reusability. Task services provide operations on more than one entity
such as customer purchase order, creating purchase order number, validating customer details
etc. A service is called as task service when it needs to access the multiple entities.
Utility Service
The utility services are technology oriented services which are used to build larger and higher
level services and provides other capabilities which are unrelated to the message transfer. The
utility services provide reusable functions such as event logging, creating unique number and
notification etc to the other functional domains. These services contain small, closely packed
services which are used as building blocks in service oriented system.
Proxy Service
The proxy services contain the services which act as connection between members of the service
oriented system and conflict subsystem. The device and process services lie under this type of
services. Sometimes services which are defined under proxy services are called as gateway
services.
Device Service
The device service is a kind of proxy service which is referred as hardware device and used to
communicate between other services. The device service does not include the API which is not
well suited with the service oriented system.
Process Service
The device service is also a kind of proxy service which acts as interpreter between application
and service oriented system members. This service creates and arranges the application services
to implement the business processes.
Business Service
Business services are also known as controller service which provides business functions for the
completion of the business process and are flexible services that changes the business needs.
These services develop the business applications that automate the business process such as
managing the customer service, shipping the customer product etc.
SOA - Maturity
Description
The term SOA maturity defines the architectural guidelines for reaching the significant level of
maturity in the information technology architecture enterprises and allows accessing the
current state of SOA adoption of a company.
The figure below shows five levels of SOA Maturity:
 Level 1: Initial

Level 1: Initial

The initial level of SOA maturity includes the architecture and design phase of SOA which
focus on delivering an individual project. The scope of this level includes:
 R&D experimentation
 Small SOA projects
 Implementation of portal and website
 Process of custom integration
 Number of services

Level 2: Repeatable

In this level, you can use the reusable architected services which are flexible and can be used
from one project to another. The scope of this level is providing multiple integrated applications
that support some following factors:
 Low cost of delivery
 Low cost of maintenance
 Integration of database
 Integration of application
 Managing the performance
 Simple way of deployment

Level 3: Defined

In this level, the project team will be working on the creating architecture elements, providing
guidelines to project members on the architecture and creates the technical components and
frameworks which can be used across the project teams. At this level you can identify the service
from the business level for the good quality of business arrangement. The scope of this level
includes:
 Reuse of components
 Simple way of modification
 Changes the business process effectually
 Providing business process rules
Level 4: Managed

In this level, business services are managed and define the path to SOA. The project team's and
enterprise architecture team's work together to specify the processes, technologies and
components of an organization's SOA. You can measure end to end performance of the process
in this level. The scope of this level includes:
 Using the business activity monitoring functionality to display the runtime details
 Specifying business process visibility
 Providing business process and service alerts

Level 5: Optimizing

In this level, the optimized business services react and respond automatically when you deliver
the business processes during run time and include the clean identification of services. This level
allows project team to reveal and consume services and also interchanges the services between
customers, business partners and suppliers. The scope of this level includes:
 SOA will be optimized and associates with business
 Specifies the endpoint of an architecture enterprise
 Interacts with services from customers, partners and others

SOA - Enterprise Service Bus

Description
The Enterprise Service Bus (ESB) is a software architecture which connects all the services
together over a bus like infrastructure. It acts as communication center in the SOA by
allowing linking multiple systems, applications and data and connects multiple systems with
no disruption.
ESB Basics

The above picture depicts the communication between software applications in a service-
oriented architecture(SOA) via ESB. Bus is a communication system that transfers data
between computers and interconnects the hard disk drives, CD ROM, graphics adapters
and other chips.
ESB as Transaction Manager

As shown in the above figure, the ESB can synchronize with transactions to communicate
with multiple services. Instead of notifying the web applications to coordinate with
transaction, the ESB can synchronize with transaction when multiple distributed
applications get involved in a transaction.
ESB as Security Manager

The authentication and authorization mechanisms are very important parts of security check
which are incorporated under ESB. The ESB provides these security mechanisms to inter
connect between the web applications.
ESB as Service Proxy

The SOA uses proxy which interprets the service calls between two different client service
protocols. For instance, consider you need to access a service which can be accessible only
through the Java's RMI (Remote Method Invocation) and this service can be accessed using the
web service interface (SOAP). To resolve this, you can use the service proxy which accepts the
SOAP calls and render them according to Java RMI service.
ESB as Gateway to the World

ESB uses the gateway (acts as entrance to another network) through which it can connect to the
different services running in the other networks. The gateway manages the data communication
which is routed internally or externally from the network. If user wants to access service of an
outside network, then user passes data packet to the gateway, which then connect to the
requested service destination.

SOA - Securing the SOA

Description
Most importantly, securing Service Oriented Architecture (SOA) is necessary to make sure that
the services and applications run safely. For many reasons, including service exposures and
loose coupling of components, securing SOA is essential because sometimes, exposed services
becomes unprotected to attacks.
SOA Attacks
There are different types of attacks to which SOA environment may become unprotected,
espcially if it was implemented using web service technology. Most of the people all around the
world uses both SOA and web services which are rapidly developing areas, as a result they
become more complex and open to attacks. On SAO and web services, most of the attacks takes
place on the application service layer since web services communicate using XML and soap
messages.
Following is a list of attacks in SOA:
 Injection Attacks: This attack occurs when no validation on the user input is performed and
no separation is done between user input and application. For example, SQL injection, XML
injection etc.
 Schema Poisoning Attack: This attack when occurs, modifies, replaces or even damages
XML schemeas that provides the structure of XML documents.
 Denial Of Service Attacks (DoS): This attack when occurs, do not change the service or its
behaviour but can block the use of the service.

Research Contributions
The main contributions are as follows:
 Providing an integrity for SOA that provides enough conditions for securing data
integrity.
 Implementing test bed for SOA and setting environment of specification based IDS.
 Proposing intrusion detection system for SOA networks that are capable of detecting
intrusions affecting behaviour of services.
 Recommending SOA test bed where SOAP messages can be monitored.

SOA - Service Composition

Description
Service composition is a collection of services where, many smaller services are combined
together to a larger service.
Below diagram illustrates the service composition:
 In the above diagram, Service A, Service B and Service C are smaller services.
 Large service is composed by combining services A,B and C together.
Service Composition Performance
The services communicate with each other through a network just like component composition
where inter-service communication is too slow as compared to inter-component communication
taking place in the same application. The performance will be bad if the services communicate
internally through ESB (Enterprise Service Bus) and larger services are decomposed to many
smaller services.
Service compositions can be categorized into primitive and complex variations. Simple logic was
implemented through point-to-point exchanges or primitive compositions in early service-oriented
solutions. As the technology developed, complex compositions became more familiar.
SOA - SOA and User Interfaces
Description
Service-oriented applications mostly focus on the interaction between machines. However, in
applications, the interaction between user and machine also plays an important role. A user can
act as a service provider so that he can set SOA User Interface(SOAUI) design into an overall
system design where the user interaction workflow is a part of system workflow.
The SOA User Interface follows MVC (Model View Controller) architectural pattern. SOA
applications provide the model layer, and User Interfaces occupy the view layer.
The environments hosting components in the SOA approach are abstracted as containers that
provides infrastructure services. From a User Interface view, below are the containers for hosting
client-side UI components:
 Basic Web browser.
 Web browser augmented with Java™Script and dynamic HTML.
 IBM Workplace™ Client Technology™ -- the Eclipse-rich client plus native IBM WebSphere®
Application Server client support.
By supporting technologies like servlets, JavaServer Pages (JSP), JSP Tags etc, the above
containers can be expanded.
The user that interacts with a business process consists of initiating and awaiting the result of a
process. It is important for a human to involve in a process cycle where processes rarely run
completely and automatically. In such environment, WS-Human Task can fulfil this requirement.
A standardize API can be used to fill a mailbox with tasks that was defined for a workflow service.
For example, during a process cycle, if input of addtional data is required, the process establishes
correct actor and places the task in their mailbox through the task service. This process resumes
its work in the background and the users recieve the entries in their mailbox by processing the
pending tasks sequentailly.

10 concrete characteristics of contemporary SOA

Contemporary Service-Oriented Architecture (SOA) has evolved to address modern business and
technological challenges, incorporating various characteristics that make it robust, flexible, and
scalable. Here are ten concrete characteristics of contemporary SOA:

1. Loose Coupling

 Definition: Services in an SOA are designed to interact with minimal dependencies.

  Impact: This allows services to evolve independently without affecting other services.
Loose coupling enhances flexibility and reduces the risk of system-wide failures when
changes are made.

2. Interoperability

 Definition: Services are designed to work across different platforms, languages, and
environments.
 Impact: By adhering to standard protocols and formats (like SOAP, REST, JSON, XML),
contemporary SOA ensures that services can communicate and function together
regardless of the underlying technology stack.

3. Reusability

 Definition: Services are created with the intention of being reused across different
applications and business processes.
 Impact: Reusability reduces redundancy and development effort, allowing organizations to
leverage existing services to build new functionalities quickly.

4. Discoverability

 Definition: Services are designed to be easily discoverable through service registries or

directories.
 Impact: Discoverability ensures that services can be found and consumed by other
services or applications, promoting reuse and dynamic integration.

5. Standardized Contracts

 Definition: Services communicate through well-defined contracts that specify the interface
and interaction rules.
 Impact: Standardized contracts ensure consistency and clarity in service interactions,
reducing the likelihood of integration errors and misunderstandings.

6. Composability

 Definition: Services can be composed to create more complex services or business

processes.
 Impact: Composability allows organizations to build complex workflows and applications by
orchestrating and combining simpler services, enhancing modularity and agility.

7. Statelessness

 Definition: Services are designed to be stateless, meaning they do not retain information
between requests.
 Impact: Statelessness improves scalability and reliability, as each service request is
independent and can be handled by any instance of the service.

8. Service Abstraction

 Definition: The internal implementation details of a service are hidden from the
consumers.
  Impact: Service abstraction allows consumers to interact with services through well-
defined interfaces, without needing to understand the internal workings, enhancing security
and flexibility.

9. Policy-Driven

 Definition: Service behavior and interactions are governed by policies that can be centrally
managed and enforced.
 Impact: Policy-driven design ensures that services adhere to organizational rules and
regulations, improving governance, security, and compliance.

10. Scalability

 Definition: Services are designed to scale horizontally by adding more instances.

 Impact: Scalability ensures that the architecture can handle increasing loads and growing
demands, making it suitable for large-scale and dynamic environments.

Detailed Explanations

Loose Coupling

Loose coupling in contemporary SOA ensures that services are interconnected with minimal
dependency. This principle enables services to change without significantly impacting other
services. It supports agility and scalability, allowing businesses to adapt quickly to changes.

 Example: An inventory service can be updated independently without requiring changes to

the order processing service that consumes it.

Interoperability

Interoperability is achieved through the use of standard protocols and data formats, such as
HTTP, HTTPS, SOAP (Simple Object Access Protocol), REST (REpresentational State
Transfer) , JSON(JavaScript Object Notation), and XML. This characteristic ensures that
services built on different platforms can seamlessly interact with each other.

 Example: A Java-based customer service can interact with a .NET-based billing service
using standard web service protocols.

Reusability

Reusability is a key benefit of SOA, where services are designed to be used in multiple
applications or business processes. This reduces development time and costs and promotes
consistency across the organization.

 Example: A payment processing service can be reused by different applications such as e-

commerce websites, mobile apps, and subscription services.

Discoverability

Services are registered in a service registry, which acts as a directory where services can be
found and consumed by other applications or services. This promotes reuse and easy integration.
  Example: Developers can search for and find a user authentication service in the registry,
avoiding the need to create a new one from scratch.

Standardized Contracts

Service contracts define the interaction between service providers and consumers, specifying
input and output formats, communication protocols, and security requirements. This
standardization ensures clear and consistent communication.

 Example: A weather service contract specifies that it accepts a city name and returns
weather data in a specific JSON format.

Composability

Composability allows simple services to be combined into more complex workflows or services.
This modular approach enables organizations to create sophisticated applications by
orchestrating multiple services.

 Example: A travel booking service can be composed of individual services for flights,
hotels, and car rentals.

Statelessness

Statelessness means that each service request is independent, with no stored information from
previous requests. This design improves scalability and reliability, as any service instance can
handle any request.

 Example: Each request to a web service for currency conversion is processed

independently, without relying on previous interactions.

Service Abstraction

Service abstraction hides the internal workings of a service from its consumers. Consumers
interact with the service through a well-defined interface, enhancing security and simplifying
integration.

 Example: A payroll service exposes an interface for processing payments but hides the
complex logic and database interactions involved.

Policy-Driven

Policies govern the behavior and interaction of services, covering aspects like security, quality of
service, and compliance. These policies can be centrally managed and enforced across all
services.

 Example: Security policies might require all service interactions to be encrypted and
authenticated.

Scalability

Scalability in SOA is achieved through the ability to add more service instances to handle
increased load. This characteristic ensures that the architecture can grow and handle more users
and transactions without performance degradation.
  Example: An online retail service can scale by adding more instances of its product
catalog and order processing services during peak shopping seasons.

Service Oriented Architecture (SOA)

A Service-Oriented Architecture or SOA is a design pattern which is designed to build distributed

systems that deliver services to other applications through the protocol. It is only a concept and
not limited to any programming language or platform.

What is Service?

A service is a well-defined, self-contained function that represents a unit of functionality. A service

can exchange information from another service. It is not dependent on the state of another
service. It uses a loosely coupled, message-based communication model to communicate with
applications and other services.

Service Connections

The figure given below illustrates the service-oriented architecture. Service consumer sends a
service request to the service provider, and the service provider sends the service response to the
service consumer. The service connection is understandable to both the service consumer and
service provider.

Service-Oriented Terminologies

Let's see some important service-oriented terminologies:

 o Services - The services are the logical entities defined by one or more published
interfaces.
o Service provider - It is a software entity that implements a service specification.
o Service consumer - It can be called as a requestor or client that calls a service provider. A
service consumer can be another service or an end-user application.
o Service locator - It is a service provider that acts as a registry. It is responsible for
examining service provider interfaces and service locations.
o Service broker - It is a service provider that pass service requests to one or more
additional service providers.

Characteristics of SOA

The services have the following characteristics:

o They are loosely coupled.

o They support interoperability.
o They are location-transparent
o They are self-contained.

Components of service-oriented architecture

The service-oriented architecture stack can be categorized into two parts - functional aspects and
quality of service aspects.

Functional aspects

The functional aspect contains:

 o Transport - It transports the service requests from the service consumer to the service
provider and service responses from the service provider to the service consumer.
o Service Communication Protocol - It allows the service provider and the service consumer
to communicate with each other.
o Service Description - It describes the service and data required to invoke it.
o Service - It is an actual service.
o Business Process - It represents the group of services called in a particular sequence
associated with the particular rules to meet the business requirements.
o Service Registry - It contains the description of data which is used by service providers to
publish their services.

Quality of Service aspects

The quality of service aspects contains:

o Policy - It represents the set of protocols according to which a service provider make and
provide the services to consumers.
o Security - It represents the set of protocols required for identification and authorization.
o Transaction - It provides the surety of consistent result. This means, if we use the group of
services to complete a business function, either all must complete or none of the complete.
o Management - It defines the set of attributes used to manage the services.

Advantages of SOA

SOA has the following advantages:

o Easy to integrate - In a service-oriented architecture, the integration is a service

specification that provides implementation transparency.
o Manage Complexity - Due to service specification, the complexities get isolated, and
integration becomes more manageable.
o Platform Independence - The services are platform-independent as they can communicate
with other applications through a common language.
o Loose coupling - It facilitates to implement services without impacting other applications or
services.
o Parallel Development - As SOA follows layer-based architecture, it provides parallel
development.
o Available - The SOA services are easily available to any requester.
o Reliable - As services are small in size, it is easier to test and debug them.

Components in SOA interrelate

There are four main components in service-oriented architecture (SOA).

 Service. Services are the basic building blocks of SOA. ...
 Service provider. The service provider creates, maintains, and provides one or more services that
others can use. ...
 Service consumer. ...
 Service registry.