Professional Documents
Culture Documents
Framework
for e-business
by G. Flurry
W. Vicknair
8 FLURRY AND VICKNAIR 0018-8670/01/$5.00 © 2001 IBM IBM SYSTEMS JOURNAL, VOL 40, NO 1, 2001
Application frameworks 1 are becoming increasingly ● A platform for developing, deploying, and manag-
important for developing complex applications, be- ing e-business solutions for a number of business
cause these application frameworks help application domains
designers deal with complexity by allowing the de-
signers to “capture the essence of successful patterns, The process of creating an e-business application
architecture, components, policies, services, and pro- with the Framework begins with the classification of
gramming mechanisms.” 2 As a result, applications the type of interaction necessary for the business do-
are “correct, portable, efficient, and inexpensive.” 3 main. Within the Framework these classifications are
An application framework describes a set of inter- called patterns for e-business. Each pattern suggests
acting components and services available to an ap- a set of application frameworks that can be used to
plication, describes the responsibilities of compo- create the application. Choosing an application
nents and services, and describes the interactions framework involves decisions about the requirements
between the components and services. A developer listed above. The implementation uses the appro-
creates an application by composing and extending priate aspects of the general application framework.
the components and services available in the appli-
cation framework. This paper describes these aspects of the Framework,
with a focus on technical aspects of the application
programming model, showing how they contribute
The IBM Application Framework for e-business 4
to meeting the requirements of e-business applica-
(henceforth called the Framework) is a cross-IBM ini-
tions. The paper also briefly describes some of the
tiative providing a very powerful, comprehensive set
ways in which the Framework is evolving under IBM’s
of open standards, services, and products that ad-
direction to keep pace with the rapidly evolving re-
dress the requirements of e-business applications. quirements for e-business. Finally, the paper dis-
The goal of the Framework is to enable businesses, cusses related work.
large and small, to quickly and easily build and de-
ploy a broad spectrum of robust, secure, scalable,
manageable, interoperable, and portable e-business The Framework system model
applications. The Framework defines a system model 5 that sup-
ports the design of a broad range of Web-oriented
Application frameworks typically address specific e-business applications that meet all the require-
business domains, such as manufacturing or finance. ments mentioned previously. The multitier stan-
The intent of the Framework, however, is to address dards-based e-business system model of the Frame-
all of e-business and so span multiple business do- work (see Figure 1) contains the following elements.
mains. Thus, the Framework may be considered a
foundation application framework, with guidance for Clients are implemented with industry-standard tech-
e-business application development at two levels: nologies, interact with the user, and communicate
first, an application framework for e-business appli- with a middle tier via standard protocols, and send
cations in general and, second, a set of application and receive standard data formats. The Framework
frameworks for domain-specific e-business applica- features the “thin client” to improve manageability,
tions. flexibility, and time to market.
To achieve the fundamental goal of a foundation ap- Middle tier servers include a standards-based Web
plication framework, the Framework defines: server for interacting with the client tier and defin-
ing user interaction, and include a standards-based
Web application server for executing business logic
● A system model that structures the fundamental independently of the client type and user interface
topology of e-business applications for a broad style. The middle tier servers incorporate several ap-
spectrum of business domains plication integration technologies for communicat-
● An application programming model, based on the ing with applications, data, and services in other tiers.
system model, for designing e-business applica-
tions, including an architecture that supports a The enterprise information system (EIS) tier includes
broad spectrum of business domains, and archi- new and existing internal applications, services, and
tectures that support a number of business-spe- data, and also external applications, data, and ser-
cific domains vices from new and existing business partners.
EXTERNAL
WEB APPLICATIONS,
APPLICATION SERVICES
SERVER AND DATA
DESKTOP
APPLICATION
WEB SERVER
APPLICATION
APPLICATION INTEGRATION
INTEGRATION
INTERNAL
BROWSER APPLICATIONS,
SERVICES,
AND DATA
OTHER DEVICE
The network infrastructure ties the tiers together and tions, the Framework application programming
connects them to the Internet and extranets using model, or APM, describes the details of how to de-
standard protocols and data formats. The network sign e-business applications according to the struc-
infrastructure also provides functions such as service ture suggested by the system model. The APM has
location, security-related capabilities such as user au- multiple levels. At the highest level, the Framework
thentication, and technologies to improve scalabil- supplies patterns for e-business, proven end-to-end
ity. patterns that are appropriate for solving problems
in common business domains.
Systems management implies that the elements of the
system model are manageable. System management At a lower level, the Framework supplies an archi-
provides functions such as capacity planning, change tecture that defines the services available to e-busi-
control, asset management, and security testing to ness applications and the relationships between the
enhance availability and lower maintenance costs, services. The services include application servers,
all based on industry standard techniques. network access, directory, and database. At the low-
est level, the Framework architecture defines the set
The characteristics imposed by the Framework sys- of parts that an application developer can use to com-
tem model help the Framework meet the require- pose the application and access the Framework ser-
ments of e-business applications discussed above. vices.
The Framework application programming Patterns for e-business. The Framework patterns for
model e-business 6 show how to take the Framework parts
and tie them together in proven end-to-end patterns
Although the Framework system model offers broad that are appropriate for solving classes of common
suggestions on the structure of e-business applica- business problems. The patterns for e-business in ef-
DATABASE
APPLICATION IIOP AND
WEB APPLICATION
CLIENT SERVER TRANSACTION
SERVICES
APPLICATION HTTP
CLIENT EJB APPLICATION
WEB SERVER
INTEGRATION
HTTP
THIN HTTP
SERVLET JSP E-BUSINESS
CLIENT
HTTP APPLICATION BUSINESS-
THIN SERVICES CRITICAL
CLIENT SERVICES
AND DATA
ENTERPRISE JAVA APPLICATION ENTERPRISE JAVA
WAP TECHNOLOGIES INTEGRATION TECHNOLOGIES
PERVASIVE
CLIENT
DIRECTORY
AND SECURITY
SERVICES
FIREWALL FIREWALL
DATABASE AND
TOOLS TRANSACTION
SERVICES
SYSTEM MANAGEMENT
● Application integration software provides access Application servers. The Framework application serv-
to existing data and applications. ers 15 provide the core services required to develop
● A network infrastructure that provides services and support the presentation and business logic of
such as basic network connectivity, directory, and e-business applications. The application servers in-
security is accessed via standard interfaces and pro- clude the Web server, which offers the capabilities
tocols. of a HyperText Transfer Protocol 16 (HTTP) server,
● Systems management functions accommodate the the Web application server, database services, trans-
unique management requirements of e-business action services, messaging services, mail and com-
applications across all elements of the system. munity services, and collaboration services.
● The e-business application services provide pre-
built, tested building blocks to facilitate the cre- The Web server coordinates, collects, and assembles
ation of e-business solutions. Web pages composed from static and dynamic con-
● Tools are used to help build, run, and manage e- tent and delivers them to clients. As such, it supports
business solutions.
the mechanisms for locating and invoking the con-
trol and presentation logic of the application. The
The following subsections elaborate on these ele- Web application server supports the execution of
ments of the Framework and identify the various much of the business logic of an application. To-
parts and the interfaces, protocols, and data formats gether, these servers offer the application developer
that they introduce. access to the other services in the middle tier.
JAVAMAIL™ JAVAMAIL™
RMI/IIOP
RMI/IIOP
JTA, JTS
JTA, JTS
JDBC
JDBC
JNDI
JNDI
JMS
JMS
JAF JAF
The Framework application servers adhere to an im- to database and transaction services. EJB offer de-
portant principle of the Framework system model, velopers some important benefits. EJB isolate the
namely the reliance on standards and, in particular, component developer from the unique characteris-
reliance on enterprise Java technologies. Reliance tics of the underlying database and transaction ser-
on enterprise Java technologies, especially in the vices, simplifying the development of platform-in-
middle tier, eliminates the dependence of the bus- dependent business logic.
iness logic on the underlying hardware, operating sys-
tem, and networking infrastructure, thus increasing Containers provide a federated view of the under-
portability and decreasing development and main- lying Framework services to the application compo-
tenance costs. nents. Containers transparently provide important
mechanisms such as life-cycle management, trans-
Figure 3 illustrates the use of enterprise Java tech- action management, security, resource pooling,
nologies in the Framework Web server and Web ap- threading, and state management by providing well-
plication server and introduces some of the most defined run-time environments that are aware of the
important parts in the Framework architecture: com- packaging and deployment characteristics of Frame-
ponents and containers. Components are created by work applications. The separation of components
the application programmer using and extending the and containers enables “late binding” of the appli-
appropriate enterprise Java technologies. The cation component to the Framework services at de-
Framework recommends that the Web server sup- ployment rather than development. Late binding en-
port “Web components,” i.e., Java servlets 17 and hances the portability, manageability, and reliability
JavaServer Pages** 18 (JSP**) components to provide of the application and facilitates team development
most of the user interactivity aspects of a Framework of e-business applications by isolating the various de-
application. Both JSP and servlets are more flexible velopment roles so that the respective domain ex-
and powerful alternatives to alternative technologies, perts can each focus on his or her own task. By
since they use platform-independent Java technol- depending on the mechanisms provided by the con-
ogies to efficiently leverage services in the middle tainer, the various components of the application cre-
tier. The Framework also recommends that the Web ated independently can adapt to one another and
application server support Enterprise JavaBeans** 19 the operational environment at run time, based on
(EJB) components to provide much of the business configuration information defined at deployment
logic of a Framework application, especially access time.
BROWSER CLIENT There are limitations to the thin client model rec-
ommended by the Framework. For example, thin cli-
JAVA APPLET CONTAINER
ents do not easily support highly interactive appli-
APPLET HTTP cations. The Framework supports other models as
HTTPS
well. For example, rather than going through a Web
JAVA 2, STANDARD EDITION
server, applets can connect directly to back-end ser-
vices for database access via JDBC. The Java appli-
cation client, which might be appropriate in intra-
net deployments, can interact with the user and
middle tier services in various ways to provide an
experience similar to typical desktop applications.
The extensible Framework security architecture ac- To enhance availability, the Framework offers the
commodates a range of authentication mechanisms, network dispatcher to balance the load between sys-
including user identifier and password, one-time pass tems, and offers various technologies for data rep-
tokens, secret-key cryptography (Kerberos Version lication and data backup.
5), and digital certificates based on public key infra-
structure 53 standards such as X.509. The Framework The highly scalable, shareable, and secure directory
includes single sign-on technology that enables users services of the Framework 58 provide central storage
to access Web resources and back-end systems us- for user and resource information and enable con-
ing existing user names, making it much easier to trol of users and resources in the network. These ser-
integrate with existing applications. vices are accessed via the industry standards LDAP
and JNDI. The directory support of the Framework
The Framework supports access control to imple- includes a standards-based LDAP client and server
ment businesses’ authorization and accountability that supports basic client authentication, mutual au-
policies. Security policy information is stored and thentication between the client and server via SSL,
managed via the directory service. Developers can and Simple Authentication and Security Layer, 59 a
use the Java Authentication and Authorization Ser- framework for adding additional authentication
vice 54 to authenticate users and assign and assess ac- mechanisms. The directory support uses a common
cess control privileges. directory schema that defines the rules by which ob-
jects are stored and retrieved in the directory; the
The Framework supports a variety of asset protec- common directory schema allows different applica-
tion mechanisms. It provides secure communications tions to share the same set of objects such as users,
protocols to protect user and application data, such groups, roles, and network policies so that the in-
as SSL for session-level security and VPNs via IPSec formation is not duplicated, and enables directory-
and related standards for network-level security. The enabled applications to be developed independent
Framework provides data protection and nonrepu- of a specific directory implementation. IBM is work-
diation services to protect stored data and store- ing with industry standards bodies such as the IETF
and-forward traffic with the Java Cryptography and Distributed Management Task Force (DMTF)
Extension, 55 the (Domino-based) IETF Secure Mul- to help define standard schema definitions.
tipurpose Internet Mail Extensions (S/MIME) 56 ; and
the Secure Electronic Transaction 57 (SET) protocol. Systems management. The Framework includes net-
work-centric systems management 60 services and
To address accountability, the Framework provides tools to manage the complete e-business application
logging services that log all attempts to access cor- stack, i.e., the applications themselves, the services
porate resources to ensure that the system is secure infrastructure and the systems upon which they run,
and to facilitate analysis of use patterns. Though and the network infrastructure that connects them.
many IBM products provide extensive logging and au- This can greatly reduce the cost of ownership for e-
dit, standards do not yet exist. IBM is working with business applications, and at the same time enhance
the appropriate standards bodies to create standards. reliability and availability. The systems management
architecture of the Framework is composed of the
The security services defined in the Framework al- following key elements. Management agents moni-
low centralized administration of information such tor and control resources used by an e-business ap-
as users, groups, and access control. The security ad- plication; managed resources and the associated
ministration is integrated with the system manage- agents exist in all layers of the application stack. Man-
ment of the Framework. agement applications analyze data collected from
agents and initiate commands to agents for problem
An e-business must ensure that application compo- resolution. A policy-based management framework
nents, networks, and data are protected with regard supports communication between agents and man-
The use of industry standards by the Framework al- Portals 86 provide a single integrated point of com-
lows many vendors to supply components, tools, and prehensive and ubiquitous access to information, ap-
services for the platform. For example, Web servers plications, and people. Portals represent the next
produced by IBM or Netscape Communications Cor- generation of integrated services and business pro-
poration can be inserted into the platform. This stan- cesses. Portal-specific enhancements include infor-
Web server, Web application server WebSphere* Application Server 66 in three editions
Application integration Component Broker and connector support in WebSphere Application Server,
Enterprise Edition; messaging and workflow are part of the MQSeries
family
Network services WebSphere Edge Server 71 provides proxy, load-based dispatching and
caching; Tivoli SecureWay* 72 provides firewall and other network services
Directory and security services Tivoli SecureWay family provides a highly scalable, robust directory server, a
PKI infrastructure, policy management tool, and single sign-on; IBM
Payment products 73 support SET
System management Tivoli 74 family provides a number of system, network, and application
management technologies and tools
e-business application services WebSphere BtoB Integrator 75 for linking business processes between trading
partners; WebSphere Business Components Mail Analyzer 76 for
categorizing mail and SanFrancisco* 77 for customizable business process
components for certain industries; WebSphere Commerce Suite 78 for e-
commerce; a number of products for knowledge management 79
mation services for aggregation, document manage- relevant Framework extensions as they become avail-
ment, search, and data mining; collaboration services able.
for expertise location; information access and inte-
gration services for categorization, content integra- Application hosting 93 refers to providing “rentable”
tion and personalization, workflow, messaging, and applications over the Web. The application hosting
application integration, and support of meta-data; services of the Framework are targeted at applica-
presentation services for customization of the user tion service providers (ASPs). ASPs represent an in-
experience and task management; system manage- creasingly important business model, since applica-
ment services for notification, logging, user registra- tion hosting benefits both customers, who can
tion, subscription, administration, and user work- concentrate on their core business processes while
space management. the ASP provides infrastructure support, and inde-
pendent software vendors because it creates new
Portal support will require the Framework to help channels for their applications and reduces the com-
define and implement additional standards such as plexity of developing the applications. The applica-
XML Query Language, 87 XML Schema, 88 and Com- tion hosting services of the Framework will enable
mon Warehouse Metadata Interchange 89 for data an ASP to obtain a lower total cost of ownership while
analysis and management. IBM products such as the providing a higher quality of service to the customer.
WebSphere Portal Server, 90 Enterprise Information The Framework will promote an open, shared host-
Portal, 91 and Lotus’s Raven 92 will incorporate the ing model with extensions to support the customer