the spike project: secure process-oriented integrative service infrastructure for networked...
TRANSCRIPT
The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked
Enterprises
Karol Furdík1, Marián Mach2, Tomáš Sabol2
1 InterSoft, a.s., Floriánska 19, 040 01 Košice, Slovakia2 Technical University of Košice, Letná 9, 042 00 Košice, Slovakia
FP7 ICT-217098
Contents
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
SPIKE project description Basic facts, Consortium Objectives on organisational & technology levels Related research SPIKE Vision, Pilot applications
Architecture: Methodology, Scope
Context, Actors
Structure of functional components, Data elements
Technology frameworks proposed
Work done so far
Future work
2
Basic facts
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
SPIKE: Secure Process-oriented Integrative Service
Infrastructure for Networked Enterprises, www.spike-
project.eu
FP7 ICT EU project, FP7-2007-217098
FP7-ICT-Call1, Challenge 1 - Pervasive and Trusted Network
and Service Infrastructures, ICT in support of the networked
enterprise
Duration: 01/2008 – 12/2010 (36 months)
Budget: 2.8 mil. EUR, EC Contribution: 2 mil. EUR
Effort: 351 person-months
3
Consortium
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
8 partners from 5 different EU countries
3 academic institutions: Technical University of Košice (SK) University of Malaga (ESP) University of Regensburg (D) Coordinator
5 industrial partners: addIT Dienstleistungen GmbH & Co KG (A)
Citec Information Oy Ab (FIN)
Infineon Technolgies IT-Services GmbH (A)
InterSoft a.s. IS (SK)
IT Inkubator Ostbayern GmbH (D)
4
Objectives (1)
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
Main objective: Development of a software service platform for the easy,
secure, and fast start-up of short-term and project-based virtual business alliances.
Organisational objectives: Enable outsourcing of parts of the value chain to business
partners; Simplify collaboration between the members of participating
organizations through dynamically created and pre-defined
business processes and workflows; Achieve interoperability between organizations of all sizes; Offer generic solutions for inter-enterprise interoperability and
collaboration through reference scenarios and guidelines for
their use; Have a special focus on security and trust.
5
Objectives (2)
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
Technology objectives - design of the components: Semantic service bus for registering, discovering and contracting
services, as well as for service message routing and processing; Semantic BPM engine, handling customized processes, workflows
and distributed processes built from generic process fragments; Information flow control between members of the alliance: service
message and user context filtering according to specified policies; Security infrastructure: attribute management, authentication,
workflow and service access control, and auditing functionality; Repositories for processes and ontologies; Portal server extension for semantic context capturing and
communication; Portal-based interfaces and tools for user-friendly administration of
alliances, ad-hoc workflow modeling and process handling..
6
Related research
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
EU projects of particular interest for SPIKE: STASIS (FP6-034980, www.stasis-project.net): eEconomy
services, semantic interoperability; TrustCom (FP6-001945, www.eu-trustcom.com): framework
for Virtual Organisations; SeCSE (FP6-511680, www.secse-project.eu): support for
service-centric applications - specification, discovery, design and management of services;
OPUCE (FP6-034101, www.opuce.tid.es): service environment, infrastructure for collaborative and dynamic loosely coupled services;
SUPER (FP6-026850, www.ip-super.org): modular architecture for semantic BPM.
other projects and research groups focused on SWS, Security, Identity Management and Privacy, Process-Oriented Knowledge Management, etc.
7
SPIKE vision (1)
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
8
Networked Enterprise
SPIKE Conceptual Layer
SPIKE vision (2)
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
9
Networked Enterprise
SPIKE Conceptual Layer
SPIKE Service Layer
Pilot applications
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
1. Information hotel Controlling and automation of the supplier vs. client
documentation management processes and related sub-processes.
Use cases: uploading, sending, receiving docs from supplier, verifying uploaded docs, verifying received docs near deadline, sending reminder messages to suppliers, ...
2. Legacy applications Location of services of partners, integration into workflows. Use cases: maintenance of service providers, service information
and configuration, tracking services, contracting and ordering services,...
3. Identity federation Enable access to the inner infrastructure of partners within an
alliance to support effective collaboration. Use cases: collaboration setup and maintenance, role and
resource management10
Architecture design
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
11
Methodology:
spec. of viewpoints, perspectives, stakeholders
Scope - functional viewpoint, levels of collaboration: Collaborative processes: modeled by patterns - business
processes, incl. steps/activities, resources/artefacts, workflow structures, semantic description of processes.
Sharing services: environment for offering and contracting services, based on project-oriented workflow.
Identity federation: SPIKE as mediator to enable access to internal resources of/between alliance partners.
System context - actors
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
12
Human actors and software agents, as they were identified during the architecture design: concurrency and operational viewpoints, as well as in the usability perspective
Overall system architecture
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
13
SPIKE Service Bus
Interface Manager
Communication Manager
SPIKE System Core
SPIKE Portal Instance
SPIKE Administration, Reporting, and Monitoring
Alliance Manager
Report Manager
Wrapper Manager
Display Manager
Intra Portlet Manager
Session Manager
Content Manager
Rel. DB Data Storage RepositoriesIndex space OntologiesFile System
Security Manager
Identity Manager
Notification Manager
Service Manager
Process Manager
Search Manager
Semantic Manager
Platform Manager
Functional description of managers
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
14
17 managers have been broken down into 48 modules Description of each manager consists of:
Context of the manager Supported use cases Structure of the manager
Modules with their APIs and dependencies Interactions among manager’s modules
AllianceManager
DisplayManager
CommunicationManager
InterfaceManager
SecurityManager
WrapperManager
Intra PortletManager
SessionManager
ProcessManager
SemanticManager
SearchManager
ReportManager
NotificationManager
IdentityManager
ContentManager
PlatformManager
ServiceManager
Data elements
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
15
Technology (1)
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
Open Source, Java-based
BPMN/BPEL for BP modelling: Eclipse BPMN Modeller for visual BP modelling
Automatic transformation to the executable BPEL
sBPEL ontology for semantic representation of BPs
WSMO framework for semantic modelling: WSMOLite - basic conceptual framework
WSML ontology representation
WSMO Studio for general ontology maintenance
Annotation tool for semantic annotation of information resources
16
Technology (2)
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
ESB - Enterprise Service Bus: Java Business Integration (JBI) compliant
ESB Apache ServiceMIX
OpenESB
JBI components: BPEL – Apache ODE
(Orchestration Director Engine)
Portal integration layer: Intalio Tempo
Security: Single Sign On service & Authentication:
Simple Authentication and Security Layer (SASL), i.e. SASL-CA
Authorisation: PERMIS infrastructure17
Summary - work done so far
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
User requirements specified: Application cases for all the pilot applications defined Use cases for particular processes identified within the app. cases Information resources identified, guidelines for semantic mark-up of
the processes and resources provided
Architecture of the platform designed and described in detail: Architecture views and perspectives Actors interacting with the system
Functional components identified and described in their mutual interactions:
17 functional components / managers context, use cases, internal structure of services, class diagrams,
sequence diagrams; technology frameworks identified
1st project review (January 29, 2009) successfully accomplished
18
Future work
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
Platform design and implementation: Specification of components for portal system (02/09) Specification of components for service bus sub-system (02/09) Implementation of the 1st prototype (08/09)
Semantic BP modelling: Toolchain for semantic mark-up of business processes (04/09) Development of the resource ontologies (08/09)
Pilot applications: Specification of pilot applications for the 1st trial (04/09) 1st trial, validation of the SPIKE platform on the app. cases (09-
12/09) Forthcoming events:
SPIKE on CeBIT 2009 in Hannover, Germany (3.-8.3.09) SPIKE Workshop on „Technologies for the Networked
Enterprise“ (NetE‘09) as part of DEXA 2009 in Linz, Austria (31.8.-4.9.09) http://www-ifs.uni-r.de/nete09/
19
Questions?
Znalosti 2009, FIT BUT Brno, February 4-6, 2009
K. Furdík, M. Mach, T. Sabol: The SPIKE project: Secure Process-oriented Integrative Service Infrastructure for Networked Enterprises
20
More info: http://www.spike-project.eu