Monday, 28 April | Tutorials

*subject to change

8:00-8:30 Coffee & Registration

Andy Lee, Director of Standard, Changfeng Alliance

The extended research and development of the EERP technology system has revealed the necessity of new and adapted standards development in three areas: business Service Level Agreements [SLAs], business Quality of Service [QoS], and Rating. These standards or standard extensions will drive a service choreography that supports EERP, and extend existing BPM technology to support EERP. WS-SLA addresses the service agreement between different services that support EERP, WS-BQOS will standardize the business and performance criteria for services that support EERP, and WS-Rating will standardize the reliability, availability and credibility of services that support EERP.

The purpose of EERP is to support self-optimizing business process execution. We present details of choreographies that can optimize the business process based on step-by-step evaluation of business objectives.. The extension of BPM work that supports EERP will be presented to explain how to drive the optimization of the business process and how to select the best services subject to the overall business objectives. Several EERP applications developed for different industry sectors are presented to illustrate the practical use of EERP and relevant standards.


Agata Filipowska, Teaching and Research Assistant, Poznan University of Economics; Barry Norton, Research Fellow, Knowledge Media Institute at The Open University Walton Hall; Dumitru Roman, Researcher, Semantic Technology Institute / University of Innsbruck

Business Process Management (BPM) follows a four-phase life cycle: modeling, implementation, execution, and analysis of business processes. In modern enterprises this involves a mix of manual and automated activities coordinated with Business Process Management Systems (BPMSs). Therefore, BPM specifies management models for business processes and defines organizational resources to support business goals. A central problem for supporting all phases is the integration of IT components within and across enterprises. The current trend for solving this is the use of the SOA paradigm: IT functionality is virtualized in terms of loosely coupled services with stable interfaces. However, even though the combination of BPM and SOA is a very flexible approach for automated support of business processes, there are still several problems to be overcome.

During the modeling phase, processes are created using notations like BPMN and EPC. Their meta-models are incompatible, which hampers the unified use of these notations within and across organizations. Also, business experts use BPM notations different from IT experts: bridging this gap usually requires imprecise, manual work. Many organizations maintain a large pool of legacy and newly created process models created in different notations. This hampers reusability of process models, resulting in missed opportunities to reduce BPM costs. Even though SOA architectures allow the re-use legacy functions via Web services, existing BPM technologies are not flexible enough: only services or sub-processes with known syntactic interfaces can be composed, while the semantics of tasks and available functions are disregarded.

During the execution phase, process instances follow the specifications defined at design time. However, in existing BPM execution environments the resolution of the service types specified at design time to particular implementations is hard-coded, which does not reflect important aspects of the services. Changing service implementations and mismatches may hamper successful process execution. Semantic Web Services (SWS) develop techniques for automated discovery, composition, and execution of Web Services based on richer semantic descriptions of functional, non-functional, and behavioral aspects. Founded on ontologies, Semantic Web provides methods and tools for the machine-understandable representation of collective knowledge and business processes.

The purpose of this tutorial is to present a comprehensive overview of current trends of integration of Semantic Web Services technology into BPM in order to increase automation and flexibility of business processes.


Doug Tidwell, Senior Technical Engineer, IBM; Jean-Sebastien Delfino, Senior Technical Staff Member, IBM Burlingame Lab and Raymond Feng, Senior Software Engineer, Open Source SCA Development, Apache Tuscany Project, IBM Burlingame Lab

Service Component Architecture (SCA) provides a simple programming model to address the challenges of building composite applications. SCA provides a consistent assembly model of distributed applications and of the components from which they are constructed. This model explicitly separates business logic (Component/Services/References) from the details of how a running application is assembled (Composite/Wire) and deployed. This promotes a common terminology and supports a common understanding of the capability of applications and the way those applications work together. This common model also provides the hooks for tooling, governance, monitoring, and management in the service-oriented world.

The Apache Tuscany incubator project provides an open source services infrastructure for building, deploying and running SOA solutions based on Service Component Architecture (SCA) specifications. Apache Tuscany extends SCA beyond the specifications including support for OSGi and Web 2.0. With Tuscany, application developers can easily create components that provide and use services using a variety of programming languages (Java, BPEL, scripting languages, XQuery, etc), assemble these components into composite applications and deploy them in a distributed environment. Tuscany supports many bindings to facilitate service communication, including Web Services, EJB, JMS, RMI, JSON-RPC, Atom etc.

This tutorial will explore how to use SCA and Tuscany to build composite service applications. Coding examples showing how to implement and assemble SCA components will be presented. Tuscany will be used to build, deploy and run an SCA application on top of Apache Geronimo, communicate with Web Services via Tuscany Axis2 integration, and integrate Web 2.0 clients using JSON-RPC.

In this tutorial, we will use a real world scenario to demonstrate how to build and evolve an online store application using Tuscany SCA as the business grows over time. The application will be developed in the following stages:

  • Create an online store, implement services, and integrate a Web 2.0 client
  • Rewire the composite application after a merger
  • Integrate a database
  • Add new services and bindings
  • Integrate with online services
  • Reconfigure and rewire the composition as the online business expands

The continued enhancement of the application demonstrates the simplicity and flexibility of SCA/Tuscany. We will wrap up the tutorial with a brief discussion of the future of SCA and Tuscany, demonstrating advanced features that we won't have time to cover in the hands-on exercises. The tutorial will assume experience with Java and Web Services but no previous experience with SCA or Apache Tuscany.


Tim McGrath, Managing Director, Document Engineering Services Ltd.

UBL is establishing itself as the language of choice for a variety of electronic commerce applications. It is particularly well suited for use in business web services and service oriented architectures. The use of UBL for such environments ensures that services remain meaningful and worthy in a variety of different compositions. Inevitably, these applications may require some refinement of the standard structures.

This presentation explains some of the design principles behind UBL and how both the standard components and the principles behind them can be adapted to suit the requirements of different business processes. We will explore a case study involving the Danish Government's OIOUBL and Service Oriented Infrastructure project.

Composing different services into a meaningful business process requires interoperability of the information contained in the documents exchanged. This tutorial will discuss the opportunities for utilizing the OASIS Universal Business Language (UBL) as the glue to bind these services together at a business data level.

This tutorial explains the design principles behind UBL and how it can be adapted to suit the requirements of different business processes. These composite applications will require some customization of the standard structures and the creation of new document types.

The objective is to enable participants to understand the issues involved in customizing UBL and how to develop specific implementations that suit the requirements of their context of use. The target audience is system analysts and developers responsible for the implementation of document interfaces.

Tutorial Agenda:

  • Background to Document Design
  • UBL Design
  • UBL Specification
  • Case Study Scenario
  • Designing Customizations
  • Specifying Customizations
  • Validating Customizations

William Cox, Principal, Cox Software Architects LLC

The creation of standards is both a technical and social process. This tutorial will help you work more effectively with others in a standards project is the most important lesson. Many of the techniques apply to not only standards projects, but to similar issues in software and business projects in general. This Tutorial will be highly interactive; participants will be asked to answer (for themselves) a set of questions prior to the Tutorial.

We start with background material. First we talk about the nature of standards, what a standard is and is not, and the desire for and degrees of openness of both standards and standards processes. We then discuss interoperation and conformance, and how to produce better, more useful standards. Then we cover five "secrets"—prescriptions for improving standards projects and what you and others get from them:

  • Understand the landscape - the context for the standards project: where the proposed work fits with other projects and products, including analyzing who might benefit from the work;
  • Understand why and what - your goals and others' goals: understanding your goals, the goals of other participants and non-participants, and evaluating your organization's interests in leading, supporting, or following the work;
  • Keep asking questions - and a broad checklist of penetrating questions you can ask, and how to understand the answers to build and extend your understanding of the work and the participants;
  • Invest time and effort in the work - and how to benefit from investing most effectively;
  • Work well with others - how to move work forward, show leadership, and be effective inside and outside of formal meetings.

Each of these prescriptions is described and illustrated with clear, specific techniques that have been used successfully in many standards groups and software projects.

The Tutorial will conclude with questions and answers. At the end you will have answers to questions including (1) How can my business benefit from standards work? (2) How can I communicate my goals effectively, and understand others' goals? (3) How can I get the most out of my standards investment?

12:45-1:30 Break for Lunch

Arshad Noor, CTO, StrongAuth Inc.

As the internet gets increasingly hostile, and as regulations focusing on IT continue to become law around the world, companies need to focus on protecting sensitive data across their enterprise. Not just credit card numbers and Social Security Numbers, but also e-mail addresses, dates-of-birth and even simple mailing addresses and other data that we deem trivial today. However, the distributed nature of IT and the complex application architectures that are part of the legacy environment make this a challenge. Service Oriented Architecture (SOA) lends itself extremely well towards solving this problem where applications request encryption and key-management services - securely - from a network-based service provider.

This tutorial provides a technical overview of a new protocol, Symmetric Key Services Markup Language (SKSML), and the mechanics of an Enterprise Key Management Infrastructure (EKMI) that can securely provide this web-service to any authenticated requester over the network. The tutorial also covers implementation guidelines for an EKMI, as well as developer guidelines for using such services within legacy and new applications.

In addition to discussing the markup language, the session will also provide a demonstration of the technology, an update on the standards effort around this protocol within the OASIS EKMI Technical Committee, and future directions for this technology.


Adomas Svirskas, Researcher, Institute Eurécom and Jelena Isachenlova, Researcher, Institute Eurécom

The number of complex multi-domain/multi-country collaborations is constantly increasing, as the SOA concepts and supporting technologies are maturing. In order to gain acceptance, such solutions must be efficient, easy to use, secure and trusted. The work discussed in this tutorial aims to leverage the best implementations of standard and interoperable Web services specifications to provide a lightweight and modular framework for inter-organizational collaborative interactions in European e-Government sector.

The concept of application-level gateway is implemented using pluggable extensions of Web services engines and further enhanced by using intelligent message processing based on Enterprise Service Bus and mediation techniques. This kind of virtualization allows us to achieve desired flexibility and security level providing standards based interoperability, data confidentiality, authenticity, integrity and role/policy based access control.

These features, combined with the concept of Data as a Service (DaaS) enable the end users to have more power of creating ad-hoc enterprise data mash-ups, leverage benefits of enterprise social computing and gain additional opportunities when creating and reusing value-added knowledge.


Frank McCabe, Research Scientist, SandPiper

SOA is an architectural paradigm that is driven by the need to enable multiple participants to interact with each other, offering and consuming services on the scale of the Internet itself. As such it promotes a world in which services can and will be used and reused in ways that perhaps the originators of services do not envisage.

The OASIS Reference Model for SOA gives a concise characterization of SOA, and how it differs from other paradigms for distributed systems; one of the key distinguishing features of SOA is its ability to work across multiple ownership domains.

The OASIS Reference Architecture for SOA takes the work of the Reference Model one stage further by providing an architectural description of how SOA-based systems may be realized. There are three main views in the Reference Architecture: how SOA-based systems might be used in an effective way; how SOA-based systems may be constructed; and the view corresponding to the issues raised in owning SOA-based systems.

In this tutorial we will outline the major models that are part of these views; and show how they form the basis of a coherent architecture that address many of the key points in systems that span ownership domains: how the roles of participants, resources, policies and agreements can be coherently integrated. We explain some of the key technology choices in realizing SOA-based systems,and how issues such as security, governance and management can be addressed effectively.


Michael Rowley, Office of the CTO, BEA Systems

The first Service Component Archicture (SCA) specifications have been available long enough that many people have at least a surface-level understanding of the things that SCA is capable of. Perhaps they have seen some example assembly diagrams and possibly understand the basic Java annotations of @Service, @Reference and @Property for creating new Java components. However, SCA provides many valuable capabilities that go beyond those simple concepts. This talk will delve into these capabilities.

This talk will describe SCA’s approach to policy and how it can be used to declare the security, reliability and transactional characteristics of components. It will also introduce conversational and bi-directional interfaces and how they can be used and customized from Java or BPEL. It will also describe SCA’s deployment model – how code and other artifacts are installed into an SCA “Domain” and then used or shared with other contributed code. These and other important but lesser-known features of SCA will be described with examples of how they are used.


Brent Miller, Senior Technical Staff Member, IBM and Randy George, Senior Technical Staff Member, IBM

This tutorial surveys the use of the OASIS Solution Deployment Descriptor (SDD) emerging standard (expected to be completed Spring 2008), focusing on its use for deployment lifecycle management of composable software, including SOA solutions. We describe today's deployment problems, especially for complex software solutions, and then describe the SDD emerging standard and how it can be used to address many of these problems. We present a use case that illustrates how SDD can be employed for deployment lifecycle management of a software solution in an SOA environment and describe the benefits of using SDD. We study details of the SDD, using examples to illustrate the fine points of producing and consuming SDDs.

Learning Objectives:

  • Understand today's problems associated with software deployment
  • Understand how the OASIS SDD emerging standard addresses these problems
  • Learn what is included within the SDD emerging standard
  • Learn how to use the SDD emerging standard
    • Illustrative use case(s)
    • Examples with details showing SDD elements and attributes
    • How SDDs are produced and consumed, including tooling
  • Understand the benefits of using SDD
5:45 Tutorials End