Professional Documents
Culture Documents
13
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Information model
Service interface design
Document design
Service implementation design
495
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
496 Part III ■ Case Studies
Travel Insurance
This chapter presents a fictitious scenario related to selling travel insurance as
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
The Scenario
Hollis, Inc. is a travel information and reservation provider, sometimes gener-
ically known in the travel business as a Global Distribution Service (GDS).
Hollis has relationships with major airlines, hotels, and the like on the supplier
(vendor) side, and with travel agencies, web sites and consolidators on the
sell (customer) side. Hollis wants to upgrade their systems to support selling
travel insurance and other trip add-ons in a uniform and consistent manner.
Travel insurance is an emerging and lucrative product. Hollis want to facilitate
the sale of add-on travel insurance as a natural part of the travel shopping
experience, and to get their cut of the transaction in the process. To maximize
profitability, Hollis wants to create the best volume and wholesale relation-
ships with the insurance companies and the most flexible retail relationship
with the agencies and travel web sites.
Hollis, and other GDSs, are essentially brokers between the buyer and seller
of travel products. However, the relationship is not so simple. The ultimate
end user, for example you or me, does not deal directly with Hollis but instead
goes through an intermediary agency or web site. There are two primary types
of end users, business travelers and leisure travelers. Figure 13-1 illustrates the
different relationships in the scenario.
Each intermediary channel (agency, web site, etc.) and each vendor can have
specific contractual relationships with Hollis. These relationships can specify
the type of insurance products that are offered, the insurance vendors, and the
pricing, commission, and markup. In the past, dedicated and inconsistent solu-
tions were implemented for selling insurance, depending on the relationship
Agencies Vendor
Business Hollis
Web Sites Vendor
Copyright @ 2008. Wiley.
GDS
Custom Vendor
Leisure
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 497
between the buyer and seller and Hollis. The goal of the project is to replace
all the different one-off solutions with a unified and extensible solution.
The solution has to support the evolving SOA efforts and plans going on
at Hollis, utilize and augment the existing services, and fit into the overall
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
business architecture.
Conceptual Architecture
The first things to understand are the scope of the project and its interactions.
Figure 13-2 illustrates the high-level conceptual architecture for the project.
On the left of the figure are the different channels through which insurance
might be sold. These include:
Hollis.com — Hollis has its own travel web site.
Agencies — Travel agencies.
Web sites — Third-party web sites, such as Expedia, including confirma-
tion emails.
Branded GUIs — Private-branded GUIs provided by Hollis for specific
clients.
On the right side of the figure are a variety of insurance vendors. The
middle of the drawing shows the set of services that are needed to provide an
end-to-end transaction that includes insurance. The services are divided into
two main categories: Insurance Services and Common Services. The common
services show only the service groups that are needed. They are out of the scope
of this project. The insurance services show the insurance-specific functions as
Foundation Services
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
498 Part III ■ Case Studies
either business or domain services. This set of services comprises the scope of
the project.
Insurance services include:
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Business Concerns
Now that you have the high-level service-oriented vision, it is time to take
a look at the business issues. It is always a goal, and a challenge for IT
organizations, to build systems that ‘‘align with the business.’’ You’ve heard
this refrain so often that it is hard to consider it more than a cliché. But at the
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 499
The bad news is that it makes it more difficult to align with. But the good
news is that it provides an opportunity for IT to engage the business in the
development of some business architecture.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Customers
Product
Inventory and Content
Information
Goal
Payment Billing and Payment “…to provide premium
Management travel content and
Copyright @ 2008. Wiley.
Supporting IT Management
Supporting Processes HR Management
Activities Financial Management
Support Asset Supporting (Financial, HR, IT, . . .) Assets
Info
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
500 Part III ■ Case Studies
and payments, and information management. These are all necessary to keep
the primary value chain going.
The value chain is useful for identifying the different functional areas of the
company and focusing attention on the most important. It is a good mechanism
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
for bringing out the goals and objectives. As well, it starts to identify areas of
services. For example, each different step or primary activity is likely to have
one or more service groups associated with it. This provides a first step in
creating a service inventory.
The primary business goal of Hollis is ‘‘to provide premium travel content
and reservation services.’’ Some secondary goals are shown in the following
list:
Be the primary travel content provider in the industry.
Provide integration with all types of travel content.
Support a customer-centric approach to travel reservations (to optimize
customer experience) and product marketing and sales, across multiple
channels where possible.
Provide the best price and inventory optimization and management on
behalf of partner providers.
Business Motivation
So, if the objective is to align your SOA solution with the business goals, how
do you go about doing that? First, you need to ask the right questions. For
SOA, you must answer the following questions:
What business are you in?
What are the goals and objectives of this particular business?
What outcomes are needed to achieve those goals?
What is the strategy for achieving them?
How will they be measured?
What capabilities and information are needed to achieve those out-
comes?
What processes, services, entities, and rules are needed to implement
those capabilities?
What existing applications provide basic capabilities and information?
Copyright @ 2008. Wiley.
How are the applications, processes, and so on aligned with the business
strategies and goals?
Business architecture helps you understand and answer these questions,
but how do you describe all the different concepts? And how do you tie the
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 501
operational concepts (processes, services, etc.) back to the business goals and
establish traceability?
Let’s not forgot that although it is focused on the business, BA is still
architecture. It should not be any less precise or formal just because it is
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
<<Mission>>
High-performance, <<Vision>>
up-to-date, operationalize
Travel content
comprehensive provider of choice
travel content
plan amplify
<<Goal>>
<<Strategy>>
support Most comprehensive,
Maximize
timely, and cost
relationships
effective content
implement
quantify
<<Business Service>> <<realize>> <<Tactic>> <<Objective>>
achieve
Insurance Product
products Three new partnerships
optimization
by end of year
<<Policy>>
enforce Partner product
has priority
Copyright @ 2008. Wiley.
specify
<<Rule>>
First product is from
partner
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
502 Part III ■ Case Studies
The vision of being the travel content provider of choice for agents and end
users is operationalized by the mission, which is to provide high-performance,
up-to-date, and comprehensive content. The vision is amplified by the goal
of providing the best and most comprehensive insurance content, and the
goal is quantified by the objective of signing three new insurance partners
this year. The goal is supported by the strategy of maximizing relationships
with travel insurance providers. The objective is achieved by the tactic of
providing product optimization capabilities for partners as an enticement to
get new partners to sign. The strategy and tactics are governed by the policy
of providing priority to partners’ insurance products, which are enforced by
the rule of offering the partners’ products first.
Finally, the business service InsProduct realizes the tactic, providing trace-
ability from the service to the tactic that it implements and to the objective that
the tactic achieves.
Brief Review
Copyright @ 2008. Wiley.
Before you dive into the case study any further, let’s review the analysis and
design steps (from Chapter 4) that are followed in the example. These are:
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 503
Quote
Quote
Documents
Business Process Quote
4
Copyright @ 2008. Wiley.
6 Primary
Driver
1
Insured Party
Name: String
PrimaryAddress: A
HomePhone:
WorkPhone
MobilePhone: Phone...
DoB: Date: Phone...
MaritalStatus: Marit..
Gender
1 R1 1
DriverIdentification
State: String
LicenseNumber: String
Customer CoInsured
related by
Information
BillingAddres: Addre...
CustomerID: Custom... 10 R1 0..* Relationship: Relation...
Product 0..*
R1
0..*
Shared
Product
R1
ProductIdentifier: Prod…
ProductType: Product:
1
R1
Vehicle 1..*
VIN: VIN
Make: String InsuredItem
Model: String
Year: String
2
Style: VehicleStyleCode
1
Information
1
R1
R1
1 1. . *
VehicleUsage Coverage
Coverage: CoverageT...
Usage: VehicleUsageCO... Detail: CoverageDesc...
1 YearlyMiles: Int Name: String
Business: Boolean
1 1
R1 R1
1 1
Limit Deductable
Information Model
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
504 Part III ■ Case Studies
1. The overall set of processes, as identified by the value chain and the set
of all context models provides the enterprise SOA with a context that can
be represented in the service inventory.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
EVERYTHING IS CONNECTED
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 505
Tying all of this together is traceability. Because all aspects share a common
root and are part of a continuous development process, you can follow one to
the other. Starting from your strategic outcomes, you can trace down to the
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Insured Party
Name: String
Primary PrimaryAddress: A
Driver DriverIdentification
HomePhone:
WorkPhone R1 State: String
1 1 1
MobilePhone: Phone... LicenseNumber: String
DoB: Date: Phone...
MaritalStatus: Marit..
Gender
Customer CoInsured
related by
BillingAddres: Addre...
CustomerID: Custom... 10 R1 0..* Relationship: Relation...
Product 0..*
R1
0..*
Product
Data
R1
ProductIdentifier: Prod…
ProductType: Product:
R1
Vehicle 1..*
VIN: VIN
Analyst
1
R1
R1
1 1. . *
VehicleUsage Coverage
Coverage: CoverageT...
Usage: VehicleUsageCO... Detail: CoverageDesc...
1 YearlyMiles: Int Name: String
Business: Boolean
1 1
Agent Limit
1
R1 R1
1
Deductable
Insurance
Cancel Policy
Customer CoInsured
related by
Business
BillingAddres: Addre...
CustomerID: Custom... 10 R1 0..* Relationship: Relation...
Product 0..*
R1
0..*
Product
R1
ProductIdentifier: Prod…
2
ProductType: Product:
Analyst
R1
Vehicle 1..*
VIN: VIN
Make: String InsuredItem
Model: String
Year: String
Style: VehicleStyleCode
1
1
R1
R1
1 1. . *
VehicleUsage Coverage
Coverage: CoverageT...
Usage: VehicleUsageCO... Detail: CoverageDesc...
1 YearlyMiles: Int Name: String
Business: Boolean
1 1
Agent
R1 R1
1 1
Limit Deductable
Shipper Estimator
System
Document Model/Marking
Identify repair Calculate Analyst
and maintenance
needs
Repair Slip Costs
3 4
Price Agent
Apply
Policy Create
Discount Create Should be a
Policy branch here to
Request
Policy loop through
GetVehicle list of vehicles
Information
Get Policy
PolicyId VIN VehicalInfo
Information
Estimate
Send Estimate
1 Change
w
St
QuoteRequest
GetCustomer
Information Customer
GetLocation
Address Information LocationInfo
Calculate
Price
Options
CreatePrice
In the service design model, you often start with use cases. There should be
a direct relationship between the use cases and the business strategy, goals,
and objectives. In fact, the use cases should describe the tactics used to meet
those objectives. Use cases are a well established and understood mechanism
for collecting and stating requirements and seem to be a good place to start.
One major goal of the use case diagrams is to provide a table of contents for the
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
506 Part III ■ Case Studies
diagrams serve the same purpose as the Business Process Models. The main
difference is that they are the type of model supported by UML tools, which is
what you use for the design process.
The information model is derived from the overall enterprise model and
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
additional details from the use case models. Once the scenarios and use cases
are in place, you’re ready to start with service interface design. Again, the
numbers in the following list correspond to the numbers in Figure 13-6.
1. Activities in a scenario diagram become operations on a service inter-
face. You include the operations in a service interface diagram.
2. The information passed into and out of operations become documents.
The documents are defined by deriving the specific information for each
operation from the overall information model.
3. You also include the documents in the service diagram. This gives you
an overall view of the service from which you can evaluate the cohesion,
coupling, and complexity.
4. The implementation of each operation is described in procedure dia-
grams, including activity and class models.
Of course, this is an iterative process. You constantly discover new oper-
ations and new information as you work through the details of the service
design. In addition, you constantly need to refactor the models to accommo-
date shared behavior, shared information, and variability. This may require
you to go back and update use case scenarios, information models, service
inventory, and so on. It is best to keep things up-to-date as you go.
At the same time, you don’t want to get bogged down in analysis paralysis.
An agile approach to development is often best. You first want to get a big
picture view in place; for example, an overall service inventory or an overall
understanding of the service interface. But this should not take too long and
does not require a complete model. Then, you can completely implement
and test one operation at a time and one service at a time. As you build the
services, you continue to evolve the models and to refactor them based on
what you learned and new or changed requirements.
Now, let’s get back to the business analysis of the case study.
Business Analysis
The first step in the business analysis is to understand the overall business
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 507
Pay Commission
Request
Package
Add-Ons
Request Package
Specific Insurance
Cancel Request
Cancel Reponse
TCancel
Figure 13-7. The context diagram includes the major parties, represented by the
rounded rectangles, and the messages that they exchange, represented by
the arrows. You create the context diagram by talking with the business ana-
lysts and walking through all of the different interactions (use cases) required
for end-to-end insurance capabilities.
Central to this context diagram is insurance (the large rounded rectangle in
the middle). It interacts with the channels (on the left) and the vendors (on the
right). Initially it addresses only the agency channel. Other channels can be
added in the next iteration of the model. To complete the interaction, you also
need the trip creation systems, add-on sale opportunity functions, and billing
and payment systems.
The interactions between the channel and insurance support: shopping
for an insurance product, getting a quote for the trip insurance, purchasing
Copyright @ 2008. Wiley.
insurance and getting a policy, and modifying and canceling the policy.
Typically, each interaction involves a request and response message.
The interactions between the vendors and insurance support setting up a
relationship, providing prepackaged insurance products, providing dynamic
insurance products, purchasing a policy, and modifying the policy.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
508 Part III ■ Case Studies
get there in 3–5 iterations. The remaining details emerge during detailed
design. The one exception to this rule is if the model is intended to be exe-
cutable. In that case, being good enough for your purposes requires it to be
complete.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 509
a Business Process Model. Figure 13-8 illustrates a very high-level process for
insurance. The process involves two actors, the agency that is selling the trip
and the insurance services that provide the insurance capabilities.
At this level, the process is fairly straightforward.
The travel agent, working with their customer, creates a trip.
The agent shops for insurance products that are available for this trip. A
set of products and prices is returned.
The agent or customer picks the product he or she wants and sends a
request to purchase the insurance. The first step is to get a price quote.
The quote implies that the insurance request has been validated and
that the price is correct. The agent or customer then asks to purchase the
insurance.
The insurance is sold, and a policy number is returned.
This is added to the overall trip, and the sale is completed.
Agency
Create Select Complete
Trip Insurance Sale
InsuranceService
Shop for Sell
Insurance Insurance
Of course, it’s not really that simple. Each step of the process at this level
can be broken down into another level of detail. Let’s look at the activities
involved in shopping for an insurance product, as illustrated in Figure 13-9.
Note that this is not a ‘‘subprocess,’’ which is really no more than a notational
convenience supported by some tools. Often, a subprocess has no formal
interface and can’t be effectively reused. It is better to use separate processes
so that they can be reused and it is clear who is responsible for them.
Shopping for insurance involves the following activities:
Shop — The initial invocation of the insurance service. This is
responsible for orchestrating the rest of the activities.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
510 Part III ■ Case Studies
Agency
Create Select Complete
Trip Insurance Sale
Insurance Service
Shop for Sell
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Insurance Insurance
Insurance Service
Determine Create
Shop for Best Product
Insurance Products List
Channel Management
Get Channel
Preferences
Trip
Calculate Trip
Value
Products
Get
Products
Pricing
Calculate
Price
To further illustrate the service concepts, you can represent the insurance
service group somewhat differently. Figure 13-10 shows the insurance service
group at the top center. The services that support the channel are listed on the
left (next to the channels) and the services that support the vendors are shown
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 511
Insurance
Hollis.com Shop Services
Content Insurance
Vendor 1
Quote/Sell
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Agencies Policy
Modify/ Insurance
Cancel Vendor 2
Web Sites
Price Rules Product
Insurance
Branded Vendor n
GUIs
Customer Trips Vendor Mgmt
Profile Create View Contracts
on the right (near the vendors). The common services that are used in the
process are shown below insurance. To keep things simple for the example,
we have not shown all the different services or possible interactions.
Finally, to complete the illustration, you map the process view to the service
view. Figure 13-11 shows how the quoting process is implemented by the
different services:
Shop — This is the insurance service that we are demonstrating.
Get Channel Preferences — Uses the ChannelManagement Profile
Service.
Calculate Trip Value — Uses the Trip Value Service.
Determine Best Product — Uses the internal Rules Service (Domain
Service).
Get Products — Uses the internal Product Service (Domain Service).
Calculate Price of Products — Uses the internal Pricing Service (Domain
Service).
Create Product List — Done within the Shop Service itself.
The service decomposition can be continued. For example, each of the
previous services can be broken down into their internal steps and the services
that they call to perform them. We do not go into this level of detail now.
Copyright @ 2008. Wiley.
But you might ask, why bother with these drawings in the first place?
When doing an SOA project, there are several things that you potentially
need to accomplish. First, you need to collect and understand the business
requirements. The business context model is one tool that you use for that.
Next, you need to communicate what you’re doing to the business and to
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
512 Part III ■ Case Studies
Insurance
Shop Services
Content
Quote/Sell
Policy
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Modify
Insurance Service
Determine Create
Shop for Best Product
Insurance Products List
Channel Management
Get Channel
Preferences
Trips
Calculate
Trip Value
Product
Get
Products
Pricing
Calculate
Price
IT. In many cases, these groups are not familiar with SOA concepts and may
have difficulty understanding or imagining the solution. We find that these
conceptual diagrams are very effective in helping to communicate the concepts
and to get everyone on board and on the same page. Finally, you need to design
the services themselves. For that, you need a more formal approach.
Use Cases
You start the formal definition of your problem with use cases. Figure 13-12
shows the use cases involved in selecting and purchasing travel insurance.
Figure 13-13 shows the use cases associated with the insurance vendor. For
brevity we have not included all of the use cases associated with establishing
the different channels.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 513
Select
Vendor Shop by Trip
Agent
Shop
Shop by Item
Web Site
View Trip
Sell <<extend>>
<<extend>>
OTA View Quote
<<extend>>
View
<<extend>>
Email View Policy
Modify <<extend>>
<<extend>> View Payment
Cancel Refund
Establish
Contract
Quote
Provide Content
Sell Vendor
Dynamic Product
Modify
Payment
Copyright @ 2008. Wiley.
Settlement
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
514 Part III ■ Case Studies
Shop by Trip
Trip
Request Insurance Shop by Trip
Trip
Determine Price
Product List
Product List
Calculate Price
<<documents>>
View Products
Copyright @ 2008. Wiley.
End
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 515
complexities of trip pricing. The knowledge lies with the Trip Service.
So, you design the interaction for insurance to call the trip service to
determine the price of the trip.
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
4. Now, you need to find insurance products that support that price range.
The price banded products are preconfigured. The Insurance Service
calls the Product Service to find acceptable products.
5. Almost done. You still have to determine the final price of each poten-
tial product. This is done based on relationships with the vendor and the
channel. Again, the main insurance service does not want to be respon-
sible for knowing these things. Instead, it calls the Pricing Service whose
purpose is to isolate this responsibility.
6. Finally, a list of potential products and their price is returned to the
agent requesting it.
The initial scenario diagram should walk through the use case descriptions
and describe the sequence of events that take place. First you create an initial
scenario for all of the related use cases (shop, sell, view, and modify). Then,
you look for commonality between them, factor that out, and add an additional
level of detail that emerges as you work through the use cases.
Working through the initial scenarios, reveals that some important infor-
mation is missing. You don’t know enough about the channel to calculate
the price. You also don’t know anything about the customer, missing the
opportunity to meet the business goal of improving customer experience. You
address these new found requirements in the detailed scenario diagram.
Note that Figure 13-14 uses object flows between actions to model the
exchange of documents between the processing steps. Furthermore, in
the case of the ProductList, a datastore node is introduced in order to
indicate that the state of the document has been changed by the action. These
are the requirements for proper UML2 design; however, they do add a bit
of complexity to the diagram. Figure 13-15 shows the detailed ShopByItem
scenario where we have taken some liberties with UML and labeled the control
flow with the information that is exchanged, for illustration purposes only, to
reduce clutter of an already busy diagram. The ShopByItem scenario works as
follows:
1. The scenario starts at the call to ShopByItem. We have removed the cus-
Copyright @ 2008. Wiley.
tomer actor from the diagram because it did not add anything.
2. The first step in the process is to determine the preferences (if any) of
the customer and to determine the preferences and requirements of the
channel. These activities can be performed either sequentially or in par-
allel as we have illustrated them.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
516 Part III ■ Case Studies
Shop by Item
Insurance Service Customer Service Channel Management Product Service Vendor Price Service
Start
Trip
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Shop by Item
Customer
ID Get Profile
Determine preferences
Channel ID
Get Profile
Customer Profile
Channel Profile
Process Trip
No
Insurable?
Yes
Trip Item
Get Products Get Profile
Insurance product Trip Item
Exists? No
Get Profile
Yes
Insurance product
Exists
Yes
Add to Insurance
Insurance Item List
Describe Product
Insurance Item List (priced)
End
4. For each insurable item, you first go to the insurance product service to
see if there are any preconfigured products that support it. If not, you go
to the next step.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 517
5. If there are no preconfigured items, you make a call directly to the insur-
ance vendors and see if they want to offer insurance for a particular
item. For example, to a traveler who is going to Florida in June, they may
choose to offer special ‘‘Hurricane Insurance.’’
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
N O T E Here is another design decision. You could call the Pricing Service after
each product is discovered, and then add the priced items to the list. Instead, we
built the list of unpriced items and passed the entire list to the Pricing Service in a
single method call. This is a common pattern for reducing service invocation
overhead.
Enterprise Context
Before you get much further in the design, you need to understand the
enterprise context that the SOA architecture fits into. This context influences
the design of your solution, services, and documents. First, you need to look
Copyright @ 2008. Wiley.
at the overall solution in order to define service policies. Then, you need to
look at the context in terms of service responsibilities and the information that
is passed through service interfaces.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
518 Part III ■ Case Studies
Solutions Architecture
The insurance services are intended to support overall enterprise solutions.
Those solutions should conform to an application architecture style, such as the
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
n-tier style described in Chapter 9. Figure 13-16 illustrates how the insurance
services fit into the n-tier architecture.
The scope of Hollis is delineated by the solid lines in the figure. The
boundary between tiers is delineated by the dashed lines. So immediately, it
is clear that Hollis does not provide any of the user-tier presentations.
In the workspace tier, Hollis provides a variety of services to support inter-
action with the channels. Application services are used to manage channel
preferences and provide user/channel specific logic such as document pre-
processing. Distribution services are used to manage session state, perform
authentication and authorization, and so on. Utility services provide com-
mon discrete business functions, such as airport code lookup. The user and
workspace tiers are not the focus of this example.
On the right of the figure are the external insurance vendors. Connectivity
to these vendors is achieved through the use of integration services in the
resource tier. Again, these are not the focus of this example.
The common services and insurance services described in the conceptual
architectures (see Figures 13-2 and 13-10) and that are the focus of this example
reside in the enterprise tier. Recall that the enterprise tier is responsible
Insurance Services
Integration
Modify/
Service
Common Services
Integration
Service
Channel Mgmt
Custom
Presentations Utility
Integration
Service
Service Add-On
Vendor Mgmt Vendor
Foundation Services
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 519
the responsibility for enterprise integrity, so now let’s look at the design of
security for this example.
In Chapter 11, we discussed many of the security goals that may need to be
addressed in an SOA implementation — authentication, authorization, confi-
dentiality, integrity, and non-repudiation. The requirements of each security
goal dictate a solution or set of solutions that can be used and that affect the
overall SOA design for this case study.
Authentication
In looking at authentication, you need to look at those parties who interact
with the services in the scenario. For each, you need to ask whether or not you
need assurance of identity, and if so, you need to determine how to do this.
It is helpful to write out all of the parties of the scenario that may need to be
authenticated. In this case, you need to identify the agent using the services,
the channel used to connect to the services, the insurance companies with which
the services communicate, and the services themselves. Specifically:
The agent using the system needs to be identified by the channel to deter-
mine if the agent has permission to use the services, and it must be iden-
tified to the travel services (Hollis) for auditing purposes. Since the agent
uses a particular channel (web site or application) that communicates
with Hollis, the agent must authenticate him- or herself with the channel.
The channel used to communicate with Hollis does the authentication
of the agent, and since it needs to vouch for the identity of the agent, it
needs to have a trust relationship with Hollis. In this relationship, the
channel needs to provide a strong assurance of its own identity.
The insurance companies with which Hollis interacts need to prove their
identity in order for Hollis to trust the transactions.
The services themselves (Hollis) need to prove their identity, in order to
be trusted by the channel (and therefore the agent) and insurance com-
panies with which they communicate.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
520 Part III ■ Case Studies
Mutual
Authentication Mutual
Authenticates to Authentication Insurance
Channels Services
Companies
Vouches for Agent
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Agent
that take place between Hollis and the insurance companies must occur over
a mutually authenticated connection.
In summary, there are several points of authentication:
Between the agent and the channel — The agent must authenticate
to the channel in order to use Hollis’s travel services. For many busi-
ness domains, there may be common authentication and authorization
services that can be used by all applications involved in the interac-
tions (for example, a PKI, a central LDAP directory, and/or a Security
Token Service (STS) trusted to issue tokens that vouch for identities).
Here, it is assumed that this may be the case sometime in the future
for these services. In the current situation, however, there is no such
environment, and each channel’s authentication process is specific to
its capabilities and individual security requirements. Therefore, Hol-
lis does not have control over the authentication process between the
agent and the channel, so how this is implemented is up to the par-
ticular channel. Hollis however, must trust the channel to authenti-
cate its users, and as the channel maintains ownership of its authen-
tication process, it is responsible for any security violations. In such a
scenario, the owner of the services should dictate minimum authentica-
tion requirements for its channels. In this case, Hollis requires that the
minimum security requirements are username/password over SSL.
Between the channels and Hollis — The channel must authenticate
itself to Hollis and vouch for the identity of its agents. Because a ‘‘global
identity’’ of the agent is not used by the travel industry, the channel-
specific identity of the agent is sufficient. The services, therefore, must
trust the channel to correctly vouch for the agent’s identity, so a trust
relationship must be in place. The agent’s identity needs to be known
by Hollis for auditing purposes. The authentication mechanism also
depends on performance requirements. In looking at the requirements,
there is heavy traffic between the channels and Hollis’s services. There-
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 521
Authorization
For authorization, you follow similar steps to flesh out the requirements.
For example, you may need to know if the parties in the scenario have
authorization requirements. Specifically, do agents, channels, or insurance
companies have special privileges or security roles that allow them to do
Copyright @ 2008. Wiley.
certain things? In such a scenario, if this were the case, Hollis would typically
have an entitlement service containing attributes of subjects, or a policy server
or database conveying access control policies.
Some state governments require agents to be licensed to sell insurance, so
only certain agents are permitted to do so. Agencies typically have supervisors
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
522 Part III ■ Case Studies
who can see everything, whereas individual agents are limited to their own
sets of transactions or customers. It may be possible, in the next generation of
services, to create a security infrastructure for both authentication and autho-
rization, providing security services that allow the travel industry (channels
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Confidentiality
Because sensitive information is transferred between all points in the scenario,
it is important that some of the information be encrypted. In looking at
the requirements, you can see that the travel business is very data- and
transaction-intensive, with requirements for high transaction rates. For this
reason, the solution needs to be very performance conscious, so whatever
would be adequate for security with minimal impact on performance is the
best choice.
Since you are using mutually authenticated SSL between all of the points
in this solution, this covers confidentiality, but it is important to note that
there is a performance impact. As mentioned in the authentication section,
you can establish long-lived SSL connections between the nodes in the solu-
tion, eliminating the need for repeated computationally expensive public key
cryptography for session key negotiation each time. In addition, the budget
allows you to invest in cryptographic accelerators that offload the performance
burden.
signed, providing legal proof that can be validated by a third party. This means
that the insurance companies must digitally sign the responses to requests,
providing such a proof. These signed documents may be stored for archive
by Hollis, providing legal proof, and can be returned in the responses of
messages to the channels. In doing so, WS-Security SOAP Messaging is used
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 523
between Hollis and insurance companies, with the insurance companies using
XML Signature to digitally sign purchase receipts (signed using an enveloped
signature, where the purchase request, complete with its signature, can be
returned to the channel). WS-Security SOAP Messaging is used between the
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
SSL SSL
Mutual Mutual
Authentication Authentication
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
524 Part III ■ Case Studies
Digitally signed receipts are stored by Hollis and copies are sent back,
through the channels, to individual agents.
SSL connections between each point are configured to be long-lived con-
nections, to support SSL session key reuse for performance reasons, and
all cryptography is offloaded onto hardware appliances.
This security design meets the current requirements, but more importantly, it
accommodates future enhancements. With the success of this system, it is antic-
ipated that a formal authentication and authorization infrastructure will be
established for partner channels, providing authentication services for clients
and allowing Hollis to provide specific authorization at the transaction level.
The messaging security accommodates such a change by utilizing WS-Security
SOAP Messaging and by propagating identity using the WS-Security SAML
Token Profile. Any changes to such an infrastructure does not change the mes-
saging security, but instead may require modifications to Hollis’s interceptors
providing the access control.
The next part of the enterprise context that needs to be considered is the
overall set of services.
Service Inventory
The service inventory lays out the overall set of services and their relationships
to each other and the overall enterprise goals. You can think of the service
inventory as a ‘‘responsibility map’’ of service interfaces. It should clearly
describe the overall set of services and what responsibilities the different
service groups perform and don’t perform. Figure 13-19 shows a partial ser-
vice inventory for the travel insurance project.
The inventory helps you make decisions about what capabilities to include
within your service implementations and what capabilities you should expect
to be performed by another service. For example, the Trip service group shows
that it is the responsibility of the trip service to add items to a trip. So, although
you have allowed the users of trip information to understand some details of
a trip (such as what the individual items are as discussed previously), you do
not allow them to modify the trip. If you want to add items to a trip, you must
call the trip service to perform that task.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 525
Utility Services
Foundation Services
about each service, as contained in the service specification and stored in the
repository.
Entity Diagram
The other important part of enterprise context is the information that is
shared between services. Here, you describe the main entities involved in the
business domain and their relationships. The model keeps things at a high
level and generally does not describe the details of each individual entity. The
model is constructed through a combination of internal domain knowledge,
reverse engineering of existing systems, and industry standards. For example,
standards from the Open Travel Alliance (OTA) define specific schema for
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
526 Part III ■ Case Studies
Traveler
Name
Address
Nationality
PassportNumber
Customer Language
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
BirthDate
Occupation
MaritalStatus
Group
InsurancePolicy
Code Trip
Beneficiary InceptionDate Name
ExpirationDate Description
NumberInsured Character
Cost Operator
Payment
Type
DepositDate
Total
Origin
Date
PCC
InsuranceItem
to a Trip in that a Trip can have an Insurance Policy. It is not possible (at least
in this model) to have a Policy without a Trip.
The diagram shows that a Trip is composed of Trip Segments (or Items), and
that each segment can be insured with an associated Insurance Segment. Seg-
ments contain Transportation, Lodging, and other Add-Ons (theatre, golf, etc.).
Each segment has an Origin, including the origin Date, and a Destination,
including the Destination Date. It is important that these dates correspond to
the Inception and Expiration Dates of the insurance segment.
A Trip has a Primary Traveler and zero or more Additional Travelers.
Each traveler is related to the Customer, who ‘‘owns’’ the trip but may or
may not be the same. The Insurance Policy has a Beneficiary who has a
‘‘beneficiary’’ relationship to the Primary Traveler. Again, the Beneficiary may
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 527
Information Model
The semantic information model provides the next level of detail after the
entity model. In a sense, it is a refinement of the entity model. The model
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
528 Part III ■ Case Studies
The specific details about every model element are stored in a repository
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Figure 13-21 is an example from the information model showing the details
of the insurance policy. Remember that at this level you are still describing
the information that is passed between services and described in the service
interfaces, that is, the semantic information model. You are not yet identifying
the details of the internal implementation information.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 529
Agency
ProductPlan Code Agent
Name
Code Address Name
PCC ID
IATA
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
InsurancePolicy
Code Vendor
InceptionDate Preferred Vendor
Number
ExpirationDate Hyperlink
NumberInsured
Tax Payment
Type Type
DepositData Voucher CreditCard
Rate Total
Amount Number Number
Locality Name
ExpiryDate
PIN
Address
Commision AuthorizationCodee
Amount
Document Model
Because you need to establish and maintain a link between the information
model and the documents (which are based on it), it is sometimes useful to
create a diagram that lists all of the different documents. Although this is an
optional diagram, we find it useful for a number of reasons:
It helps you keep track of all the documents that you need to specify.
By looking at the overall set of documents, you can identify potentially
redundant documents that perhaps can be merged or simplified.
Figure 13-22 is an early document model for the travel insurance. Essentially,
as you work through the use case scenarios and identify information flow and
documents, you add those documents to the model. The left and center columns
are the documents identified in the two scenario diagrams (see Figures 13-14
Copyright @ 2008. Wiley.
and 13-15).
The right column lists an additional set of documents. These are documents
designed by the OTA industry standards organization. These essentially
represent constraints on the design of the interfaces because you are required
to use them for interaction with the insurance vendors and channels.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
530 Part III ■ Case Studies
<<OTA Document>>
InsurancePlanSearchRQ
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
<<Document>> InsurancePlanSearchRS
Trip
<<OTA Document>>
<<Document>> InsuranceQuoteRS
<<Document>>
InsuranceProduct ProductList
<<OTA Document>>
<<Document>> <<Document>> InsuranceBookRQ
InsuranceItem ItemList
<<OTA Document>>
InsuranceBookRS
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 531
<<Document>>
<<exception>>
Trip
NoAvailableProducts
<<Operation>> <<Document>>
ShopByItem ItemList
SystemExceptions
of the new functionality yet). So, the diagram includes a third operation for
OTAInsurancePlanSearch, with its associated documents.
The service interface diagram gives you a graphical way to evaluate the
complexity of the service operation, and the cohesion. For example, it is normal
to see multiple operations that support the same input and/or outputs.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
532 Part III ■ Case Studies
Notice that in this example, all of the inputs and outputs are documents. You
first define the documents in the document model (refer to Figure 13-22) and
then include them in the interface definition model. If you discover an interface
that doesn’t have a document defined for it, you don’t add the document to
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
the interface diagram. Instead, you add it to the document model, and then
include it in the interface diagram. This keeps your model organized and
prevents you from duplicating or forgetting about documents.
In the design of the service interface, we made a few design decisions.
Should there be one service that contains all of the Shop, Quote, Sell, and
Modify operations, or should each of these be a separate interface? We
decided on separate interfaces for a few reasons. First, the interface started to
get crowded when we added all the different variations of these operations
to it. We find between four and seven is a pretty good rule of thumb for the
number of operations on a service interface. Second, we wanted to align
the service capabilities with the OTA request and reply messages.
Service Interactions
There is one more thing to check about your service design. You need to
understand the dependencies (coupling) between this and other services. For
this, you use a service interaction diagram, as shown in Figure 13-25.
This shows the different services, both those within the Insurance Service
Group and the common services that are required to implement the Shop,
Quote, Sell, and Modify scenarios. We look at these scenarios together because
they are all related.
What you’re looking for is complexity. You want to keep the service
interaction simple and certain kinds of services, particularly entity services,
independent. The services in Figure 13-25 have a fairly low level of complexity
and a minimum of unnecessary dependencies, so we are happy with the
interface design and can now move on to the document design.
<<service>> <<service>>
<<service>>
InsQuoteSell InsModify
InsShop
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 533
Document Design
It is critical that the documents be defined based on the semantic informa-
tion model. The best way to do this is to derive the documents definitions
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
directly from the semantic information model. Keep in mind that the infor-
mation exchanged between consumers and providers should be limited to the
minimum required. This keeps the interchanges short and avoids exposing
information that is not needed or should not be known.
You use a marking technique to illustrate how this is done. Figure 13-26
shows a simplified subset of the insurance policy information model that is
part of the InsurancePolicy document.
In this case, the InsurancePolicy is the root of the document (identified
by the double box surrounding it), and it contains three elements: Benefits,
Exclusions, and Premiums. It also contains a reference to another major entity,
the Vendor. During the layout of the document schema, a design decision was
made. You could have passed the vendor information either completely (by
value), or as an identifier (by reference). We choose to pass by reference to
both reduce the amount of data that needs to be passed, and to reduce the
coupling needed around vendor information. Note that this is not the same
as passing an object reference in object-oriented systems. In this case, the ID
can be used by the recipient to retrieve information about the vendor from
InsurancePolicy
Code
InceptionDate Vendor
ExpirationDate Preferred Vendor
Number
NumberInsured Hyperlink
TripCancelDate
Amount Number
Locality Name
ExpiryDate
PIN
Address
Commission AuthorizationCode
Amount
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
534 Part III ■ Case Studies
Service Specification
The service specification may consist of a text document, such as the example
illustrated in Chapter 6 (but not shown here), which is generally intended for
the service consumer, and a formal model, as shown in Figure 13-27, which is
intended for the service implementer. The service specification is described in
terms of a UML collaboration for each service operation.
The model contains two parts. The main top box (labeled ShopByTrip) is
the collaboration. It indicates that the InsShop service implements the InsShop
interface (top-left component). In addition, it uses the Trip, InsProduct, and
InsPrice interfaces. These two different types of interfaces are known as
provided interfaces and required interfaces. In other words, the InsShop
service provides the InsShop interface and ShopByTrip operation, and requires
(uses) the Trip, InsProduct, and InsPrice interfaces. You may not know how
those interfaces are implemented (nor should you care), so they are illustrated
as components that realize the required interface roles.
Of course, there is more to it than that. There is a specific protocol associated
with the interaction of these interfaces within the collaboration. The protocol is
specified by an activity diagram (the bottom half of Figure 13-27). The diagram
illustrates the sequence of the interactions, the operations that InsShop calls
on each of the other services, and the input and output provided by each (note
that the output names have been suppressed, but they are part of the model
data). The activity diagram is associated with the collaboration. This is indi-
cated by the circle with the + inside of it on the bottom of the collaboration
box, and the line that attaches the collaboration to the activity diagram. This
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 535
ShopByTrip
insshop : InsShop
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
insshop : InsShop
insproduct : InsProduct
insproduct : InsProduct
trip : Trip
trip : Trip
inspricing : InsPrice
inspricing : InsPrice
shopByTrip
trip <<target>>
Get trip value
:Trip
trip getValue
<<target>>
Search for products
:InsProduct
trip getProductinfo
Implementation Layers
The implementation design should follow the layered approach containing
the interface layer, business logic layer, and resource access layer. Within
each layer, components are used as the basic unit of software construction.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
536 Part III ■ Case Studies
<<component>> <<component>>
Authorization SyntacticValidation
authorize ( ) validate ( )
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Interface Layer
Business Layer
<<component>>
Logging
logDebug ( )
logWarning ( )
logError ( )
logProductList ( )
Figure 13-28 shows a diagram that lays out all of the implementation
components for the ShopByTrip operation. We have superimposed the imple-
mentation architecture layers on top of the UML.
The interface layer contains components for authorization and syntactic
validation. The business layer contains the main ShopByTrip component as
well as components that encapsulate the interaction with other services. The
Trip component is used to make a call to the Trip service. The Product
component is used to make calls to the InsProduct service to get the product
list, and the InsPrice service to calculate the price. It also performs the internal
function of formatting the priced productList for return. Finally, the resource
layer contains the logging component that is used to log error information
and to log a record of productLists that are returned by the service. No data
resources are used directly by this service operation.
Operation Procedure
The final step (for this operation at least) is to define the control and data
flow of the operation implementation. Again, an activity diagram is used
Copyright @ 2008. Wiley.
for this purpose, as shown in Figure 13-29. The diagram is broken into
three partitions to illustrate the layered architecture approach. These are for
illustration purposes and do not represent collaboration roles.
The operation starts in the interface layer when the ShopByTrip call is
accepted. The first step is to verify that the user is authorized to perform this
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 537
ShopByTrip Operation
ShopByTrip
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
getTripValue
ShopByTrip <<result>>
trip [valued]
getProducts
authorize
<<result>>
<<result>>
productList [initial]
authorization
validate getPrice
<<result>> <<result>>
trip [validated] productList [priced]
<<result>>
productList [formatted]
(via an object flow) to the input of the next action getProducts, which
corresponds to the getProducts operation of the Product implementation
component. The flow continues through the getPrice action and on to the
createList action, which is the last step in the logic layer. Here, two steps are
performed in parallel. The formatted productList is passed to the interface
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
538 Part III ■ Case Studies
layer for return to the requestor (via the SendReply reply action). At the same
time, the productList is passed on to the logging component in the resource
layer for auditing purposes.
What remains is to define the operations’ procedures for the rest of the
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
InsShop service interface, and then to define the interface, documents, and
implementation for the rest of the insurance services. We leave that for
another day.
Summary
In this chapter, you looked at an actual service scenario from the travel industry
to illustrate the design concepts of the book. First, you start with the business.
In this case, we used several different business architecture artifacts, including
a value chain, a context diagram, and a business motivation model.
Next, you refine the business model into business process scenarios. You
looked at several related scenarios to maximize the opportunity for shared
behavior and information, which are first-class candidates for services.
But, services don’t exist in isolation. They are part of an overall solution and
must be seen within the larger enterprise context of all services. You use an
established architectural style, such as n-tier, to describe the overall solution
and to position the insurance services where they belong in the enterprise
tier. Then, you analyze the interaction between the parties to determine
the security implementation and policies for the application. Next, you use the
service inventory as a way to map responsibilities of services and service
groups and get an overall picture of all the enterprise services and their
relationships. You also use the common semantic information model as a way
to formally define the common information shared across these services.
Then you are ready to define individual service interfaces. Here, you rely on
use cases to express the requirements, and elaborate the use cases in scenarios.
First, for each use case, you create a high-level scenario, and in the process
of looking at all the use cases together, you identify additional requirements,
and common behavior and information. You factor this new information into
a more detailed set of scenarios.
Each of the actions in the detailed scenarios is implemented as an operation
on a service. The information flowing into and out of the actions is implemented
as documents. You set about organizing the operations and documents.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
Chapter 13 ■ Case Study — Travel Insurance 539
Finally, you provide the design for the implementation of each service oper-
ation in a technology-independent fashion that conforms to a three-layered
implementation architecture. The specification is created in terms of a collab-
oration showing provided and required interfaces and protocols, a diagram
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost
All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Copyright @ 2008. Wiley.
EBSCO : eBook Collection (EBSCOhost) - printed on 12/3/2018 7:29 AM via UNIVERSIDAD TECNOLOGICA DE CHILE INACAP
AN: 234659 ; Rosen, Michael.; Applied SOA : Service-Oriented Architecture and Design Strategies
Account: ns076602.main.ehost