Monday, October 19, 2009

Consumer Oriented Service Architecture (COSA)

We are all familiar with "Service Oriented Architecture" also called SOA. Few years back it brought agility in IT by reusing legacy code and providing service interfaces to call them in a standard manner. It enabled "reuse" and "rapid development" bringing in IT efficiency and cost savings.
Now, it has reached a maturity level, where customers are deploying services in hundreds and not just dozens, and vendors have tools available to manage and secure them.

While SOA concentrated on how to make the service architecture better, it left out on the consumer focus. The consumer focus becomes especially important when services are exposed to partners.

So, I decided to capture all requirements related to this area and coined the term Consumer Oriented Service Architecture (COSA) to represent a new area for innovation.
Here are some of the challenges that I see need solutions
  1. Consumer identification: A service consumer is a nebulous word. A consumer could be identified through a user identity(name/attributes, saml attributes), application identity, ip address, location, type of device (such as web, mobile, widget), etc.
    • Vendors need to come up with a specification to standardize on how consumers are identified in their tools.
  2. WSDL and other description languages: Today, WSDL describes the service interface only that is used by all consumers invoking it. How can I enhance this description language such that certain operations are available to some consumers, and certain operations are not available to other consumers?
    • The service description language would need to be enhanced to accommodate it.
    • Service registries and repositories would need to be able to understand and manage these new artifacts associated with consumers.
  3. Contracts: How can I define and mange contracts between service providers and service consumers, and ensure that they are being complied with?
    • Service repositories which manage contracts should be able to support it.

  4. Policies (security, reliability, etc.): How can I apply security policy differently for Consumer A vs. Consumer B. I may not be trusting Consumer B as much as Consumer A, and would like to apply enhanced security for Consumer B such as using strong authentication or requiring Consumer B to send messages over higher bit encryption algorithms? Or, Consumer B may not be as technology advanced as Consumer A, and I need to allow Consumer B interact with my service using a different token (for authentication) than Consumer A.
    • This would lead to enhancing WS-Policy, WS-SecurityPolicy and associated standards to bring in consumer focus to them, and vendors supporting it.
  5. Operations (availability, routing, SLAs): How can I route/process messages coming from Consumer A preferentially over Consumer B? I may have SLAs (such as avg response time, concurrency, etc.) set for Consumer A that are different for Consumer B. How can I manage and enforce these consumer centric SLAs?
    • Service Management tools need to include consumer identifier in all their metrics and have capability in alarms and rules to act upon this identifier.

  6. Throttling/Shaping: How can I throttle or shape requests on a per consumer basis based on the SLAs defined between service provider and consumer?
    • XML Gateways and service bus (ESB) should be able to perform throttling based on consumer identifier.

  7. E2E Tracing (root cause analysis): How can I trace messages end-to-end (from consumer to service infrastructure to application to database) coming from a particular consumer of the service?
    • Application and service infrastructure tools need to include the consumer identifier in all their diagnostic and audit logs.

  8. Audit and reporting: How can I run audit reports for a particular consumer-service interaction? Audit records need to include consumer identifier.
    • Audit and reporting tools need to be enhanced to include consumer identifier as one of the criteria for reports.

  9. Provisioning: How can my tools allow provisioning of a new consumer that would invoke my service? How can I use a workflow approval process to provision such a consumer for my service? How can I provision application identitiesand certificates that relate to a particular consumer through a well defined process?
    • Service provisioning and workflow tools need to include the concept of consumer provisioning (or consumer onboarding).

  10. Social apps: How can I enable service-consumer interactions using social apps? How can I notify availability of a new version of the service using Twitter like apps? Or, let consumers share their experience and learning in using the service?
    • Social tools such as wikis, discussion boards, etc. should be integrated into service infrastructure tools to provide service-consumer interaction.

If your company has similar needs, then pls share your use cases by commenting to this blog entry.