Sunday, January 30, 2011

DoD Interoperability Through Web Services?

Any Web Service can be accessed anywhere over any Internet or any Intranet link. For accessing Web Services one must rely on a standard web browser and on standard ways of writing code to render a Web Service executable at any of the millions of personal computing devices in DoD.

Web Services offer large economic advantages.  A variety of Services can be retrieved and re-used. Several Services can be combined into innovative web applications (“mash-ups”). Services can be updated and maintained in pooled servers to reduce latency.

Web Services can be used without installing application software to millions of technologically diverse computing devices. If an enterprise design allows divers desktops, laptops or smart phones in different organizations can start cooperating without people-assisting intermediaries.

Web Services make it possible for technologically different user devices to operate across technologically completely different communications infrastructures. Web Services allow technologically different generations of servers to share databases that can also operate in legacy environments.

With DoD’s >700 data centers, >15,000 networks and >3 million personal devices it is possible that interoperability can be achieved from any to person to any person – provided that enterprise standards are strictly enforced.  Unfortunately, DoD does not have actionable standards in place. Therefore interoperability across more than 7,000 major application “silos” is not feasible at this time, which makes this condition a hindrance in the pursuit of information “dominance”.

The enterprise reuse of Web Services depends on the ability of systems to describe and publish what functionality is available to customers. That is why a Web Service Registry is essential. Such Registry would allow DoD components to organize access to the available Web Services. Such a Registry would provide the means for publishing, then discovering and finally accessing the available Web Services.

A Web Service registry must comply with the Universal Description Discovery and Integration (UDDI) standard. * A Web Service Registry is a compilation of information in the form of Web Services Description Language (WSDL). ** These are standards set up by international consortia for adoption of product-independent standards. UDDI and WSDL describe Web Services and how they can be used.
The UDDI supports the description, publication, and discovery of any organization that offers a Web Service. It describes what services are available. UDDI defines the technical details how to access such services. UDDI defines how services are organized. UDDI data also explains how data is structured and how the data models are stored. Search and lookup entries are identified. Publish, delete and update events are delineated.  A DoD UDDI Registry would include information about each component, such as what MetaData is available at each Web Service, what is the identification of business processes, what are the platforms on which applications operate and what are the various access protocols.

WSDL provides a model as well as XML formats for describing what a Web Service offers. A service description in WSDL separates functionality from details such as how and where the service is offered. While the abstract description includes types and an interface, details include bindings, which include available implementations of the interfaces at point-of-use.

The adoptions of UDDI and WSDL are essential but only partial steps towards DoD interoperability. To obtain a systems architecture that meets the challenges of information warfare DoD has to put in place many other standard methods, though the adoption of web services is by far the most preferred approach for ultimately achieving enterprise-wide interoperability of computer-based communications.

To deliver interoperability will require the institution of a diversity of additional practices, which are an integral part of the Service Oriented Architecture (SOA). Most likely there will be applications in DoD that will never appear as a Web Service. There are still many issues that need resolution, especially with regard to governance, that will inhibit further progress. The absence of enforceable guidelines from the Office of the Secretary or a commitment from USCYBERCOM are still lacking at this time. What is missing is an uncompromised approach to achieve strict standardization for all applications. When syntactic, semantic, and organizational interoperability of information systems will be achieved is presently not visible in any programs.

The efforts launched in DISA under the Net-Centric Enterprise Services (NCES) in the last six years were a promising start, but have not resulted in much progress. NCES has now been terminated.
Web Services offer: Reduced cost of maintenance; Reduced cost of new development; Agility to respond to new business needs; Reuse of Legacy Systems; Abstraction and isolation of any platform dependence; Cost-benefit analyses for trading off legacy reuse, legacy migration, and new development.
Web Services make it possible to break systems into loosely coupled applications and infrastructure elements. This decreases the attack surface and enhances security.

DoD cyber operations require real-time sharing of data across all Components.  For this reason most applications and all critical data will have to become available by means of Web Services. There are no other known options for achieving that.