BPEL (Business Process Execution Language) for web services, also WS-BPEL, (BPEL4WS) is a language used for the composition, orchestration, and coordination of web services. It provides a rich vocabulary for expressing the behavior of business processes. In this chapter, we introduce BPEL, define its role with regard to SOA (Service Oriented Architecture), and explain the process-oriented approach to SOA and the role of BPEL. We will also provide short descriptions of the most important BPEL servers — the run‑time environments for the execution of business processes specified in BPEL and compare BPEL with other business process languages. In this chapter, we will:
Discuss the role of business processes and their automation
Discuss business and IT alignment
Examine SOA, its concepts, and BPEL
Look at the SOA building blocks, such as services, Enterprise Service Bus, registry and repository, human task support, process monitoring, Rule Engine, and adapters
Mention SOA governance
Look at BPEL features
Distinguish orchestration and choreography
Examine the relationship of BPEL with other languages
Overview BPEL servers and SOA platforms
Discuss the future of BPEL
Enterprise applications and information systems have become fundamental assets to companies. Companies rely on them to be able to perform business operations. Enterprise information systems can improve the efficiency of businesses through the automation of business processes. The objective of almost every company is that the applications it uses, should provide comprehensive support for business processes. This means that applications should align with business processes closely.
A business process is a collection of coordinated service invocations and related activities that produce a business result, either within a single organization or across several organizations.
Although this requirement does not sound very difficult to fulfill, real-world situations show us a different picture. Business processes are usually dynamic in nature. Companies have to improve and modify, act in an agile manner, optimize and adapt business processes to their customers, and thus improve the responsiveness of the whole company. Every change and improvement in a business process has to be reflected in the applications that provide support for them.
It is most likely that companies have to live with very complex information system architectures consisting of a heterogeneous mix of different applications that have been developed over time using different technologies and architectures. These existing applications (often called legacy applications) are a vital asset in each company and core business usually depends on them. Replacing them with newly developed applications would be very costly and time consuming and usually would not justify the investment.
On the other hand, existing applications have several limitations. Probably the most important fact is that the majority of older applications have been developed from the functional perspective and have addressed the requirements of a single domain. Therefore, such applications typically do not provide support for the whole business process. Rather they support one or a few activities in a process. Such applications provide support for certain functions or tasks only. For an information system to provide complete support for business processes, it has to be able to use the functionalities of several existing applications in a coordinated and integrated way.
The consequence is that users need to switch between different applications to fulfill tasks and also perform some tasks manually. The flow of the tasks is in the heads of users, not in the information system and this has several disadvantages, such as limited insight into the way business activities are performed, difficulties in tracing current status and progress, difficulties in monitoring key performance indicators, and so on.
Existing applications have often been developed using older technologies, languages, and architectures, which are by definition less flexible to change. Tightly coupled applications, constructed of interrelated modules, which cannot be differentiated, upgraded, or refactored with a reasonable amount of effort, place important limitations on the flexibility of such applications. This is why such applications are sometimes called stovepipe applications.
Let us summarize — on one side we have the business system, which consists of business processes. Business processes define the order of activities and tasks that produce a specific business result. Business processes have to be flexible in order to adapt to customer requirements, to market demand, and to optimize operations.
On the other side, we have the information system with multiple existing applications. Existing applications have important business logic implemented, which a company relies upon to perform business operations. Existing applications are also difficult to modify and adapt, because they have not been developed in a flexible way that would allow modifying application parts quickly and efficiently. This is shown in the following figure:
The business system usually evolves with a different pace as compared to that of the information system. Over time, this has resulted in an important loss of alignment between the business system and the information system. This has resulted in applications that do not fully support business tasks and which have again hindered the evolution of business processes. The consequence has been less flexible and adaptable organizations with less competitive power in the market. Only companies where applications can be quickly and efficiently adapted to changing business needs can stay competitive in the global market.
The loss of alignment between the business and IT has a name — IT gap. An IT gap is a common occurrence in almost every company. It is mainly a consequence of the inability of application developers to modify and adapt the applications to business requirements quickly and efficiently.
The main reason probably lies in the fact that in the past neither programming languages and technologies nor architectural design have anticipated changes. Existing applications have been designed to last. They have been developed in a tightly coupled fashion, which make changes to specific parts of applications very difficult. Because of dependencies, such changes usually often have several unpredictable consequences. In addition to the complexity and size of the modification, an important factor is also the state of the application being modified. If an application has a well-defined architecture and has been constructed keeping in mind future modifications, then it will be easier to modify. However, each modification to the application makes its architecture less robust with respect to future changes. Applications that have been maintained for several years and have gone through many modifications usually do not provide robust architecture anymore (unless they have been refactored constantly). Modifying them is difficult, time consuming, and often results in unexpected errors.
Therefore, modifying existing applications requires time. This means that an information system cannot react instantly to changes in business processes. Rather it requires time to implement, test, and deploy the modifications. This is sometimes referred to as the IT gap time. It is obvious that the gap time should be as short as possible. However, in the real world, this is (once again) not always the case.
Alignment between business and IT, which is today seen as one of the most important priorities.
Indispensability of existing applications: Companies rely upon existing applications and very often their core business operations would be jeopardized if existing applications fail.
We have seen that the lack of alignment between the business and IT is a common occurrence in almost every company. Achieving the alignment by modifying existing applications is in most cases, not successful for two reasons:
Complexity of the IT architecture, which makes modifying existing applications difficult and time consuming
Existing applications must not fail, because companies rely on them for everyday business
The alignment of business and IT is very difficult to achieve using traditional approaches. However, if a mediation layer between the business and the information system is introduced, the alignment between business and IT becomes more realistic — meet the SOA.
To manage problems related to changing requirements, technology developments, and integration, different methods have been proposed and used over time. A Service Oriented Architecture is the latest architectural approach related to the integration, development, and maintenance of complex enterprise information systems.
SOA is not a radically new architecture, but rather the evolution of well-known distributed architectures and integration methods. Integration between applications has evolved from early days into well-defined integration methods and principles, often referred to as EAI (Enterprise Application Integration). EAI initially focused on the integration of applications within enterprises (intra-EAI). With the increasing need for integration between companies (B2B, business-to-business), the focus of EAI has been extended to inter-EAI.
SOA improves and extends the flexibility of earlier integration methods (EAI) and distributed architectures and focuses on the reusability of existing applications and systems, efficient interoperabilities and application integrations, and the composition of business processes out of services (functionalities) provided by applications. An important objective of SOA is also the ability to apply changes in the future in a relatively easy and straightforward way.
SOA defines the concepts, architecture, and process framework, to enable the cost-efficient development, integration, and maintenance of information systems by reducing complexity and stimulation of integration and reuse. Let us look at the definition of SOA, as provided by Bernhard Borges, Kerrie Holley, and Ali Arsanjani (http://searchsoa.techtarget.com/news/article/0,289142,sid26_gci1006206,00.html):
SOA is the architectural style that supports loosely coupled services to enable business flexibility in an interoperable, technology-agnostic manner. SOA consists of a composite set of business-aligned services that support a flexible and dynamically re-configurable end-to-end business processes realization using interface-based service descriptions.
The following figure shows SOA as a mediator that aligns business and IT more closely. The end-to-end automation of business processes with BPEL fills the gap towards the business system. The services fill the gap towards the information system.
A Service-Oriented Architecture has several goals, but the two most important goals are to:
Provide a flexible, adaptable IT architecture, where applications are modularized, consolidated, decoupled, and where business logic is contained in autonomous, encapsulated, loosely-coupled, and reusable components, called services.
Let's look at these two goals more closely.
From the perspective of business systems, it is important that IT provides applications that support business processes from the beginning to the end (or end-to-end). However, such support has to be flexible so that business processes can be modified quickly.
In SOA, this is achieved by introducing a specialized language for business process execution — BPEL. BPEL is the most popular, commonly accepted specialized language for business process automation and the main topic of this book. BPEL is a special language, designed to execute business processes using a special server the process server. BPEL promises to achieve the holy grail of enterprise information systems, to provide an environment where business processes can be developed in an easy and efficient manner, directly executed, monitored, and quickly adapted to the changing needs of enterprises without too much effort.
Achieving adaptable and flexible IT architecture is another important objective of SOA. SOA enables us to develop a modular, loosely coupled architecture, which can overcome the difficulties of existing architectures.
The end-to-end automation of business processes can only be successful if sound, robust, and reliable applications are available underneath. This goal can only be achieved by developing a flexible architecture, where applications consist of modules. In SOA, modules are called services.
Services should be autonomous and should be able to work in different contexts. They should be reusable and loosely coupled. They should be encapsulated and should expose the operations through interfaces. Finally, the application architecture should be consolidated, which means that for a specific functionality, only one service should exist.
In SOA, services become the main building blocks of the overall IT architecture. Services guide us into good development practices and away from monolithic, tightly coupled applications. Services enable better and more efficient integration. They enable us to modify and adapt the applications faster, with less effort and with less negative consequences.
Services are also the main building blocks of BPEL processes. They are the executable artifacts. Those services that expose high-level, coarse-grained operations are called business services. The operations in business services usually represent distinct business activities. They are used in business processes — more exactly, BPEL uses business services to execute process activities. In other words, BPEL processes are compositions of business services. Business services provide the functionality, while BPEL processes contain the process flow.
Business services should be designed in a reusable manner, which means that a single business service can be used by more than one BPEL process. It also means that only one business service with the same functionality should exist in the system, which leads to consolidation.
Although services in SOA are one of the most important building blocks, we should not forget about the architecture. Services will fulfill the promises only if they adhere to the architecture. Architectural design should therefore be the key priority.
Developing services from scratch. This is appropriate for functionalities that are new and not yet covered by existing applications.
Exposing the functionality of existing applications through services. It is particularly important to reuse the logic in existing applications and to integrate new solutions with existing applications. Today, several possibilities exist for exposing existing applications through services, such as facades, adapters, mediators, and so on.
Using services provided by a third party.
The ability to expose existing applications is particularly important, because it enables those who will adapt SOA to reuse their existing IT assets. Existing applications have an enormous amount of business logic, which should be exposed and reused. SOA provides a standardized way to expose and access the functionalities (business logic) of existing applications through services.
From the technical perspective, services can be developed using a variety of distributed architectures. The requirement to expose the functionalities of applications and access them remotely has resulted in several distributed architectures and middleware products over time. The latest distributed architecture is web services. Web services are the most suitable distributed architecture for exposing the functionality of applications as services.
SOA is more than just a set of technologies. SOA is not directly related to any technology, although it is most often implemented with web services. Web services are the most appropriate technology for SOA realization. However, using web services is not adequate to build SOA. We have to use web services according to the concepts that SOA defines.
The most important SOA concepts are:
Services and service abstraction
Self-describing, standardized interfaces with coarse granulation
Exchange of messages
Support for synchronous and asynchronous communication
Service registries and repositories
Quality of service
Composition of services into business processes
Services provide business functionalities, such as an application for business travel, an application for a loan, and so on. This differs considerably from technology-oriented functionalities, such as retrieving or updating a table in a database. Services in SOA must provide business values, hide implementation details, and be autonomous. Services should be abstracted and autonomous. Service consumers are software entities, which call the service and use its functionality.
Service consumers access the service through its interface. The interface of a service defines a set of public operation signatures. It is a contract between the service provider and a service consumer. The interface is separated from the implementation, is self-describing, and is platform-independent. Interface description provides a basis for the implementation of the service by the service provider and a basis for the implementation of the service consumers. Each interface defines a set of operations. In order to define business services, we need to focus on the correct granulation of operations and we should standardize interfaces. SOA services are best modeled with coarse granulation.
Operations are defined as a set of messages. Messages specify the data to be exchanged and describe it in a platform-and-language-independent way using schemas. Services exchange only data, which differs considerably from object-oriented and component approaches, where behavior (implementation code) can also be exchanged. Operations should be idempotent (an operation is idempotent if repeated invocations have the same effect as one invocation). WSDL is a service description language that meets SOA criteria.
Service consumers access services through the service bus. This can be either a transport protocol, such as SOAP or an ESB. Service consumers can use synchronous or asynchronous communication modes to invoke the operations of services. In synchronous mode, a service operation returns a response to the service consumer after the processing is complete. The service consumer has to wait for the completion. Usually, we use the synchronous mode with operations in order to complete processing in a short time. In an asynchronous mode, a service operation does not return a response to the consumer, although it may return an acknowledgement so that the consumer knows that the operation has been invoked successfully. If a response is needed, usually a callback from the service to the consumer is used. In such a scenario, a correlation between messages is needed.
Through the self-describing interfaces, coarse granulation, exchange of data structures, and support for synchronous and asynchronous communication modes, a loose coupling of services is achieved. Loosely coupled services are services that expose only the necessary dependencies and reduce all kinds of artificial dependencies. This is particularly important when services are subject to frequent changes.
Minimal dependencies assure us that there will be a minimal number of changes required by other services when one service is modified. Such an approach improves robustness, makes systems more resilient to change, and promotes the reuse of services.
SOA is about the consolidation of functionalities. Therefore, the common goal is to have a single service for each business functionality. In other words, we should not have more than one service with equal or similar functionalities. It is essential to achieve this in order to reuse services in different contexts. Reuse is not easy to achieve. First, we have to develop services that are general enough to be useful in different scenarios. Second, developers should first look at existing services, before developing a new one. If an existing service fulfills the need, they should reuse it. Reuse is fostered by registries and repositories.
To simplify and automate searching for the appropriate service, services are maintained in service registries, which act as directory listings. Service providers publish services in registries; service consumers look up the services in the registries. Lookup can be done by name, service functionality, or business process properties. UDDI is an example of a service registry. Service registries can improve reuse. In addition to registries, repositories are becoming important for storing artifacts, such as WSDL interfaces, XML schemas, and so on. Registries and repositories play an important role in SOA governance.
Services usually have associated Quality of Service(QoS) attributes. Such attributes include security, reliable messaging, transaction, correlation, management, policy, and other requirements. The infrastructure must provide support for these attributes. Quality of Service attributes are often important in large information systems. In web services, Quality of Service attributes are covered by WS-* specifications, such as WS-Security, WS-Addressing, WS-Coordination, and so on. Quality of Service is also provided by the ESB.
The final and probably the most important SOA concept is the composition of services into business processes. Services are composed in a particular order and they follow a set of rules to provide support for business processes. The composition of services allows us to provide support for business processes in a flexible and relatively easy way. It also enables us to modify business processes quickly and, therefore, to provide support to change requirements faster and with less effort.
For composition, we will use a dedicated language, BPEL, and an engine on which business process definitions will be executed. Only when we reach the level of service composition, can we realize all the benefits of SOA.
Human task support — business processes often involve human interaction. SOA supports human interactions in different ways, such as WS-HumanTask and BPEL4People. Human task support is related to Identity Management.
Process monitoring or Business Activity Monitoring (BAM) allows the monitoring of the execution of processes, such as total execution time, average execution time, execution time of certain activities, and so on. It also allows us to monitor the Key Performance Indicators (KPIs), which is particularly interesting for management, as it allows them to understand better how the business operations perform.
A very important aspect of SOA is SOA governance. SOA is a complex architecture, which has to be governed in order to be consistent. SOA governance is a set of activities related to control over services and processes in SOA. Typical activities are related to managing service portfolios and lifecycles, ensuring service consistency, and monitoring service performance.
The full architecture of SOA is shown in the following figure:
Let us now add the technologies into the previous picture to understand the connection between SOA concepts and the technologies that provide a means for their realization. Notice that the mere use of a specific technology does not guarantee that we are building an SOA-compliant architecture. For example, with web services we can develop business services (for example, a loan application), but we can also develop technology‑focused services (updating the database, for example). So, it is essential that technologies are used according to the guidelines provided by SOA concepts:
For this picture, we can have two views. The bottom-up view of SOA sees different applications exposing their functionalities through business services. This enables access to functionalities (services) of different existing and newly developed applications in a standard way. Access to services is important because a typical enterprise has a large number of applications, which have to be integrated.
Developing business services, either through reuse of existing applications or by new development, is not sufficient. We also need to compose services into business processes — this is the second top-down, or process-oriented approach to SOA. We would obviously prefer a relatively simple and straightforward way to compose and modify business processes. This is where BPEL becomes important.
Services in SOA are composed into aggregate services. We compose services until the aggregate services provide support for the whole business processes. Business processes are thus defined as a collection of activities through which services are invoked. For the outside world, that is, for the clients, a business process looks like any other service. In real-world scenarios, we will usually create two kinds of business processes — those that will contain services from within the enterprise only and those that will consume services provided by several companies. With service composition we can use services provided by business partners in our processes and business partners can use our services in their processes.
For example, a business process for booking business travel will invoke several services. In an oversimplified scenario, the business process will require us to specify the employee name, destination, dates, and other travel details. Then the process will invoke a service to check the employee's status. Based on the employee status, it will select the appropriate travel class. Then it will invoke the services of several airline companies (such as American Airlines, Delta Airlines, and so on) to check the airfare price and buy the one with the lowest price. The structure of services composed in the business process is shown in the following figure. In Chapter 2, Service Composition with BPEL, we will discuss this example in detail and show how to define this process using BPEL.
From the perspective of our business process, we do not care whether the service for checking the employee status accesses a legacy system, a database directly, or retrieves the status in any other way. We also do not care whether the services of airline companies are composed of other low-level services. From the perspective of the client (for our business process) the client monitors the process as any other service and does not care whether the process is implemented through composition of other services or some other way. This stimulates reuse and further composition. Real-world business processes will usually be much more complicated than our example. Usually they will contain several services and invoke their operations either in sequence or in parallel. They will also contain flow logic, handle faults, take care of transactions and message correlation, and so on.
The composition of services into business processes requires the definition of collaboration activities and data‑exchange messages between involved web services. WSDL provides the basic technical description and specifications for messages that are exchanged. However, the description provided by WSDL does not go beyond simple interactions between the client (sender) and the web service (receiver). These interactions may be stateless, synchronous, or asynchronous. These relations are inadequate to express, model, and describe the complex compositions of multiple web services in business activities, which usually consist of several messages exchanged in a well-defined order. In such complex compositions, synchronous and asynchronous messages can be combined, and interactions are usually long running, often involving state information that has to be preserved. An important aspect is also the ability to describe how to handle faults and other exceptional situations. Given the limitations of WSDL, we need a mechanism to describe the composition of web services into more complex processes.
The composition of services into business processes could be realized using one of the well-known programming languages (Java, C#, and so on), but it turns out that the composition of services differs somehow from traditional programming. With composition, we merge functionalities (services) into larger services and processes. In other words, we do programming in large, which differs from traditional programming in small. Programming in large refers to the representation of the high-level state transition logic of a system. Using programming languages, such as Java, C#, and so on, for composition often results in inflexible solutions, particularly, because there is no clear separation between the process flow and the business logic, which should not be tightly coupled.
In addition to these facts, the composition of business processes has other specific requirements, such as support for many process instances, long-running processes, compensation, and so on. All this makes the use of dedicated solutions reasonable. This is why over the years several proprietary BPM (Business Process Management) products have been developed, such as Dralasoft Workflow and Tibco Business Process Management. The disadvantage of using proprietary BPMs is that these are traditionally niche products, sold from a top-down perspective to large business users. Such products usually are expensive and bound to a certain provider. This is why we need BPEL.
Web services are the latest distributed technology and, as we will see, they are the most suitable technology for the realization of SOA. They have become the commonly used technology for interoperability and the integration of applications and information systems. Web services provide the technological foundation for achieving interoperability between applications using different software platforms, operating systems, and programming languages. They are built on XML. While XML is the de facto standard for data-level integration, web services are becoming the de facto standard for service-level integrations between and within enterprises.
From the technological perspective, web services are a distributed architecture. The distributed computing paradigm started with DCE (Distributed Computing Environment), RPC (Remote Procedure Call), and messaging systems, also called message‑oriented middleware (products such as MQ Series, MSMQ, and so on.). Then distributed objects and ORBs (Object Request Brokers), such as CORBAORBs (Common Object Request Broker Architecture), DCOM (Distributed Component Object Model), and RMI (Remote Method Invocation), emerged. Based on these, component models, such as EJB (EnterpriseJava Beans), COM+ (Component Object Model), .NET Enterprise Services, and CCM (CORBA Component Model) have been developed. RPC, ORBs, and component models share a similar communication model, which is based on a synchronous operation invocation. Messaging systems are based on an asynchronous communication model.
Web services are similar to their predecessors, but also differ from them in several aspects. Web services are the first distributed technology to be supported by all major software vendors. Therefore, they are the first technology that fulfills the promise of universal interoperability between applications running on disparate platforms. The fundamental specifications that web services are based on are SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language), and UDDI (Universal Description, Discovery, and Integration). SOAP, WSDL, and UDDI are XML-based, making web services protocol messages and descriptions human readable.
Web services support loose coupling through operations that exchange data only. This differs from component and distributed object models, where behavior can also be exchanged.
Operations in web services are based on the exchange of XML‑formatted payloads. They are a collection of input, output, and fault messages. The combination of messages defines the type of operation (one-way, request/response, solicit response, or notification). This differs from previous distributed technologies. For more information, please refer to WSDL and XML Schema specifications.
Web services provide support for asynchronous as well as synchronous interactions.
Web services introduce the notion of endpoints and intermediaries. This allows new approaches to message processing.
Web services are stateless. They do not follow the object paradigm.
Web services utilize standard Internet protocols such as HTTP (Hyper Text Transfer Protocol), SMTP, (Simple Mail Transfer Protocol), FTP (File Transfer Protocol), and MIME (Multipurpose Internet Mail Extensions). So, connectivity through standard Internet connections, even those secured with firewalls, is less problematic.
In addition to several advantages, web services also have a couple of disadvantages. One of them is performance, which is not as good as that of distributed architectures that use binary protocols for communication. The other is that plain web services do not offer infrastructure and Quality of Service features, such as security, transactions, and others, which have been provided by component models for several years. Web services fill this important gap by introducing additional specifications:
WS-Coordination: Defines a coordination framework for web services and is the foundation for WS-AtomicTransaction and WS-BusinessActivity.
Transactions specifications (WS-AtomicTransaction and WS-BusinessActivity): Specify support for distributed transactions with web services. AtomicTransaction specifies short duration, ACID transactions, and BusinessActivity specifies longer-running business transactions, also called compensating transactions.
Because of their flexibility, interoperability, and other features, web services are regarded as the most appropriate technology for exposing the functionalities of applications as services and are therefore the most appropriate technology for realization of SOA. Because of their wide support by all major software vendors, web services provide the possibility to use the same technology to expose services implemented in a variety of different applications ranging from mainframe-based legacy applications to the modern multitier applications.
In most enterprises, web services are not the only middleware solution used. Usually enterprises already have one or more middleware products, such as messaging systems and ORBs. Enterprises cannot afford to replace them overnight with web services. Therefore, there is a need to integrate different middleware products and provide interoperability with web services.
In order to provide connectivity between services, the use of SOAP in complex environments is not adequate. In such environments, we need ways to connect, mediate, manage, and control the services and particularly the communication between them.
SOAP over HTTP might not be robust enough for heavy enterprise use. Enterprise information systems require dependable, robust, and secure service infrastructure.
The Enterprise Service Bus (ESB) is the software infrastructure, acting as an intermediary layer of middleware that addresses the above-mentioned requirements. An ESB adds flexibility to the communication between services and simplifies the integration and reuse of services. An ESB makes it possible to connect services implemented in different technologies (such as EJBs, messaging systems, CORBA components, and legacy applications) in an easy way. It can act as a mediator between different, often incompatible protocols and middleware products.
The ESB provides a robust, dependable, secure, and scalable communication infrastructure between services. It also provides control over the communication and control over the use of services, including:
Message interception capabilities: This allows us to intercept requests to services and responses from services and apply additional processing to them. In this manner, the ESB acts as an intermediary.
Routing capabilities: This allows us to route the messages to different services based on their content, origin, or other attributes.
Transformation capabilities: These allow us to transform messages before they are delivered to services. For XML-formatted messages, such transformations are usually done using XSLT (Extensible Stylesheet Language for Transformations) or XQuery engines.
Control over the deployment, usage, and maintenance of services: This allows logging, profiling, load balancing, performance tuning, charging for use of services, distributed deployment, on-the-fly reconfiguration, and so on.
Other important management features include the definition of correlation between messages, definition of reliable communication paths, definition of security constraints related to messages and services, and so on.
The Enterprise Service Bus enables the communication and management of services and provides answers related to the usage of services in complex enterprise information systems. In such environments support for the centralized, declarative, and well-coordinated management of services and their communications is required. Because of existing middleware, the integration of different middleware products and interoperability with other services is required.
The Enterprise Service Bus is important, because it represents the communication backbone for services. Using ESB for communication, we can get rid of point-to-point connections between services and processes. ESB also simplifies the transition between development, test, and production environments.
The most important features of ESB are service routing, transformation, and enhancement, protocol transformation, service mapping, security, and Quality of Service:
Message routing enables us to route messages to a specific service provider in a declarative manner based on the message content, user type, channel, or other rules.
Message enhancement enables us to add or remove data to the message, so that they conform to the requirements of the service provider and service consumer.
Protocol transformation is the ability to automatically transform the protocol based on the service provider and service consumer preferences. For example, a service consumer might use SOAP, while the service uses JMS. Protocol transformation can also optimize performance and switch to an optimized protocol for collocated services.
Service mapping enables us to map a service to a specific service implementation. This is usually an extension of WSDL bindings.
Security enables us to secure services and the transportation layer used for the exchange of messages. For securing services, authentication and authorization are important; for securing the exchange of messages, encryption is usually applied.
Quality of Service allows us to define specific parameters of service communication, such as reliability, bandwidth, availability, and so on. Quality of Service assurance is the baseline for the definition of Service Level Agreements (SLA).
Currently, there are several products in the market that claim to provide ESB functionality. A good ESB should provide at least Quality of Service support at enterprise level, including reliability, fault-tolerance, and security. If provided by an ESB, services can depend on these features and do not need to implement them themselves. The ESB should also allow the configuration of any combination of these Quality of Service features and provide flexibility.
An ESB should provide support for a variety of technologies on which services are implemented. In addition to web services, an ESB should provide connectors for a broad range of technologies, such as Java EE and .NET components, messaging middleware, legacy applications, and TP monitors. The ESB needs to provide flexibility to bind any combination of services without technological constraints. It should also support a combination of different interaction models, such as queuing, routing, and so on, without changing the services or requiring to write code.
An ESB should make services broadly available. This means that it should be easy to find, connect, and use a service irrespective of the technology it is implemented in. With a broad availability of services, an ESB can increase the reuse and can make the composition of services easier. Finally, an ESB should provide management capabilities, such as message routing, interaction, and transformation, which we have already described.
An ESB that provides these features becomes an essential part of the SOA. It provides several benefits, including increased flexibility, reduced deployment, development, and maintenance costs, and increased reliability and manageability.
The following figure shows the relation between BPEL, ESB, and services:
We have already seen that SOA consists of services and processes. The more applications that we implement following SOA concepts, the more services we will have. Managing the services becomes a challenging task. This includes aspects such as:
How many services do we have?
Does a service with a specific functionality already exist?
Where is the service deployed?
Which versions of the service exist?
Who are the consumers (clients) of a specific service?
What is the interface definition (WSDL) of a service?
Registries and repositories help to answer these and similar questions. They have become an essential part of each SOA architecture. Registries and repositories are used to register services in a central location. Once registered, we can search and locate appropriate services. The more metadata about a service we include, the better search capabilities a registry and repository can provide.
A rule of thumb is that once we have more than 50 services we will desperately start needing the registry and repository. However, sometimes it might be wise to introduce it from the beginning, because once developers get used to a certain development process, it will be very difficult to change their behavior.
In addition to the above-mentioned questions, registries and repositories play an important role in service reuse. Simplifying things somewhat, reuse on a service level means that we compose executable processes (in BPEL) and reuse as many services as possible instead of developing them from scratch.
Registries and repositories also play an important role in the deployment process. In professional development it is usual to have three environments: development, test, and production. When an application is ready for production use, this requires that it is deployed into the production environment. The controlled deployment of processes requires that a process starts to use a production version of services instead of development or test versions. If links to services are hard coded into the BPEL processes, such migrations can be very painful, as it might (in a worst-case scenario) require the manual change of URL addresses. When deploying a service we might want to know which processes use this service, because we might want to retest those processes.
The understanding of the role of registries and repositories in SOA has changed over the years considerably. A few years ago, we believed that a relatively simple registry — UDDI, would cover all the needs. Today, we have identified that a registry alone is not powerful enough for SOA, because in many cases it makes sense to store service metadata as well (WSDL interfaces, XSD schemas, and so on).Therefore, today we talk about registries and repositories.
A powerful registry and repository should have the following features:
Classification capabilities to categorize and classify services and processes based on one or more classification schemas. This simplifies queries and enables easier locations for the most appropriate services for reuse.
Governance functions, which should enable the definition of proprietary service/process lifecycles, together with the conditions to go from one stage of the lifecycle to another. Stage transitions can trigger automatic actions, such as validators.
Access control, which defines who can do which operations on the registry and repository, and on the registered services/processes. Such access control could be based on XACML (eXtensible Access Control Markup Language).
User, programming, and administration interfaces.
Registries and repositories also play an important role in SOA governance.
Business processes often involve human interaction. Therefore, SOA has to provide support for human tasks. Human tasks are sometimes called user interactions. Human tasks in business processes can be simple, such as approving certain tasks or decisions, or complex, such as delegation, renewal, escalation, nomination, or chained execution. Task approval is the simplest and probably the most common human task. If the situation is more complex, a business process might require several users to make approvals, either in sequence or in parallel. In sequential scenarios, the next user often wants to see the decision made by the previous user. Sometimes, (particularly in parallel human tasks) users are not allowed to see the decisions taken by other users. This improves the decision potential. Sometimes one user doesn't even know which other users are involved — or whether any other users are involved at all.
A common scenario for involving more than one user is escalation. Escalation is typically used in situations where an activity doesn't fulfill a time constraint. In such a case, a notification is sent to one or more users. They can be chained, going first to the first-line employees and advancing to senior staff if the activity is not fulfilled.
Sometimes it's difficult or impossible to define in advance, which user should perform an interaction. In this case, a supervisor might manually nominate the task to other employees; the nomination can also be made by a group of users or by a decision-support system.
In other scenarios, a business process may require a single user to perform several steps that can be defined in advance or during the execution of the process instance. Even more-complex processes might require that one workflow is continued with another workflow.
Human tasks can include data entries or process management issues, such as process initiation, suspension, and exception management. This is particularly true for long-running business processes, where, for example, user exception handling can prevent costly process termination and related compensation for those activities that have already been successfully completed.
As a best practice for human tasks, it's usually not wise to associate human tasks directly with specific users; it's better to connect tasks to roles and then associate those roles with individual users. This gives business processes greater flexibility, allowing any user with a certain role to interact with the process and enabling changes to users and roles to be made dynamically. To be able to do this, we need to have an Identity Management system where users, roles, and groups are managed. This can be a simple LDAP or a more sophisticated system.
To interleave human tasks with BPEL processes we can use a workflow service, which interacts with BPEL processes using standard WSDL interfaces, as any other service. This way, the BPEL process can assign user tasks and wait for responses by invoking the workflow service using the same syntax as for any other service. The BPEL process can also perform more complex operations such as updating, completing, renewing, routing, and escalating tasks.
To standardize the explicit inclusion of human tasks in BPEL processes the BPEL4People (WS-BPEL Extension for People) specification has been proposed. BPEL4People introduces people activities and people links into BPEL. People activity is a new BPEL activity used to define user interactions, in other words, tasks that a user has to perform. For each people activity, the BPEL server must create work items and distribute them to users who are eligible to execute them. To specify human tasks the WS-Human Task specification has been proposed.
One of the key elements for process control is process monitoring or BAM. The key objective of BAM is to provide a complete insight into business process execution. BAM allows for the monitoring of Key Performance Indicators, such as total execution time, average execution time, the execution time of certain activities, and so on. This allows us to understand better how the business processes perform.
The most important component of BAM is time. Time is crucial, because BAM shows the actual near real-time information on process execution. This way, a company can react quickly and efficiently to changes reflected through process execution.
BAM solutions can provide other useful information. They can show us how many process instances are active at a specific time, how long on average it takes to complete a process, which users (employees) have started how many process instances, and so on.
Note that BAM is not related to automatic activities (those implemented by services) only. It can be used with human activities as well. In such a case, we can use BAM to observe the productivity of employees.
BAM is not only a system that displays interesting information about processes, but also consolidates data gathered from different independent sources. Connecting these data with past data enables BAM to identify critical situations in process execution or even automatically or semi-automatically solves some frequent critical problems. The ultimate goal of each BAM user is to optimize the process execution, to improve the process efficiency, and to sense important events and react.
The BAM user interface (dashboard) should be simple and present information and data in an easy and understandable way. It should hide all the complexity behind the scenes. Usually a typical BAM user interface uses graphical elements, graphs, and colors to present the data. The following screenshot shows an example BAM:
In the previous figure, we can see the BAM dashboard showing different important information for decision makers. In addition to the dashboard, another important part of the BAM is the decision-support module. A module such as this can use decision methods, business intelligence, or simulations for support and can help decision makers take the right decision at the right time, which can improve business efficiency.
Business rules are part of almost every business application. Experience has shown that business rules change sometimes or very often. Today, business rules are usually coded into different applications and are tightly coupled with the implementation of an application system. Changing business rules is therefore often very difficult and requires modifications to applications. Each modification requires that the developer changes the code. After that, testing and deployment has to be done.
The same business rules are often implemented in several applications. Therefore, if a rule changes, the major challenge becomes to identify in which applications this business rule is coded and to modify each application where such a rule has been used.
Business rules are also very common in business processes. BRMS or rule engines are meant to provide a central location for storing, executing, and managing business rules. Instead of hard-coding business rules into the executable code (whether BPEL, or Java, C#, and so on), we place business rules into the BRMS, where:
Business rules can be reused from different processes, services, and applications
User friendly interfaces exist, which enable us to change and modify business rules
Adapters in SOA are meant to simplify the integration with external systems, such as ERP, CRM, SCM, and others. Without adapters, we would need to manually expose functionality out of such systems, for example by developing corresponding web services. As such systems usually have rich functionalities, it would require a considerable amount of time and effort to develop the integration interfaces and services. Additionally, when such a system is upgraded, we would need to modify the integration services.
Adapters automate this procedure and provide tools to integrate with such systems in an easy way. Examples of adapters are adapters for SAP, Oracle, PeopleSoft, Salesforce, or some other popular system. Adapters are also useful for accessing database data directly. Such adapters automate the development of data services. Examples include adapters for Oracle, DB2, SQL Server, and so on.
Adapters differ in the level of sophistication. The simplest adapters are just API wrappers, which expose the interfaces of the external systems as a service (usually a web service). More sophisticated adapters can have smart fault handling mechanisms, can capture events on both sides, allow synchronous and asynchronous interactions, take care of load balancing, performance, scalability, security, and so on.
When deploying an SOA platform, it makes sense to check whether it provides adapters for the systems that we have deployed in our information system. With adapters, accessing the functionality of such systems will most likely be much simpler than without.
So far we have seen that SOA applications are composite applications that consist of several components, such as services, BPEL processes, ESB mediation, rules, adapters, and so on. All these components have to work together and support one or more composite applications.
Service Component Architecture (SCA) defines a programming model for composite SOA applications. SCA is based on the idea of service composition (orchestration). SCA provides a model for the composition of services and for the creation of service components, including the reuse of existing applications within SCA composites.
The basic building blocks of SCA are components. Every SCA application is built from one or more components. Components can be implemented in a programming language such as Java, C++, C, or they can be implemented as BPEL processes. SCA provides a generalized definition of a component.
Components offer their business function for use by other components as services. Implementations may depend on services provided by other components. Such dependencies are called references. Implementations can have properties through which the business function can be influenced. The component configures the implementation by providing values for the properties and by wiring the references to services provided by other components. An SCA component is represented like this:
Service components are assembled into applications, called composites. Composites can contain components, services, references, properties, and wiring. Composites themselves can also be used as components and can provide services, they can depend on references and expose properties.
Composites can be used within other composites. This allow a hierarchical construction of composite business applications, where high-level services are implemented by sets of lower-level services. The following example shows an SCA composite:
We will use the SCA and composites in Chapter 4, BPEL Processes with IBM WebSphere, when we will start to develop composite applications.
SOA governance is a set of related activities for exercising control over services and processes in SOA. SOA is a distributed architecture where applications consist of services and processes. The objective of SOA governance is assurance that all services and processes within an information system will adhere to the overall architecture. SOA governance has to address many different aspects, among them:
Services and processes must follow specific guidelines, best practices, and patterns
Services should not be duplicated
Services are reused and reusable
The portfolio of services is managed, including the development of new services and modifications of existing services
Versioning of services and processes is defined
Service lifecycle is defined
Deployment practices are defined
Consistency of services is monitored
Quality of Services is ensured
SOA governance is an essential element of a successful SOA implementation. Without governance, SOA will most likely fail to deliver its value to the stakeholders. To learn more about SOA governance, have a look at: SOA Governance by Todd Biske, Packt Publishing.
The general adoption of business process automation solutions requires a standard foundation and a specialized language for composing services into business processes that provide the ability to express business processes in a standardized way, using a commonly accepted language. BPEL is such a language and is quickly becoming the dominant standard. The main goal of BPEL is to standardize the process of automation between web services.
With BPEL, we can define business processes that make use of services and business processes that externalize their functionality as services.
Within enterprises, BPEL is used to standardize enterprise application integration and extend the integration to previously isolated systems. Between enterprises, BPEL enables easier and more effective integration with business partners. BPEL stimulates enterprises to further define their business processes, which in turn leads to business process optimization, re-engineering, and the selection of the most appropriate processes, thus further optimizing the organization. Definitions of business processes described in BPEL do not influence existing systems. BPEL is the key technology in environments where functionalities already are, or will be, exposed via web services. With increases in the use of web service technology, the importance of BPEL will rise further.
IBM, BEA, and Microsoft developed the first version of BPEL in August 2002. Since then SAP and Siebel have joined, which has resulted in several modifications and improvements and the adoption of version 1.1 in March 2003. In April 2003, BPEL was submitted to OASIS (Organization for the Advancement of Structured Information Standards) for standardization purposes, where the WSBPEL TC (Web Services Business Process Execution Language Technical Committee) has been formed. Many vendors have joined the WSBPEL TC (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel) since then. This has led to even broader acceptance in industry. In April 2007, BPEL version 2.0 was approved by OASIS after quite a long preparation period.
BPEL represents a convergence of two early workflow languages, WSFL (Web Services Flow Language) and XLANG. WSFL was designed by IBM and is based on the concept of directed graphs. XLANG was designed by Microsoft and is a block-structured language. BPEL combines both approaches and provides a rich vocabulary for the description of business processes.
BPEL uses an XML-based vocabulary to specify and describe business processes. BPEL version 2.0 utilizes the WSDL 1.1, XML Schema 1.0, XPath 1.0, and XSLT 1.0 specifications. Familiarity with them is helpful for learning BPEL.
With BPEL we can define simple and complex business processes. To a certain extent, BPEL is similar to traditional programming languages. It offers constructs such as loops, branches, variables, assignments, and so on that allow us to define business processes in an algorithmic way. BPEL is a specialized language focused on the definition of business processes. It is an execution language for business processes, not a modeling language. Therefore, on one hand it offers constructs, which makes the definition of processes relatively simple. On the other hand, it is less complex than traditional programming languages, which simplifies learning.
The most important BPEL constructs are related to the invocation of services. BPEL makes it easy to invoke operations of services either synchronously or asynchronously. We can invoke operations either in sequence or in parallel. We can also wait for callbacks. BPEL provides a rich vocabulary for fault handling, which is very important, as robust business processes need to react to failures in a smart way. BPEL also provides support for long-running processes and compensation, which allows undoing partial work done by a process that has not finished successfully. Listed below are the most important features that BPEL provides. With BPEL we can:
Describe the logic of business processes through composition of services
Compose larger business processes out of smaller processes and services
Handle synchronous and asynchronous (often long-running) operation invocations on services and manage callbacks that occur at later times
Invoke service operations in sequence or parallel
Selectively compensate completed activities in case of failures
Maintain multiple long-running transactional activities, which are also interruptible
Resume interrupted or failed activities to minimize work to be redone
Route incoming messages to the appropriate processes and activities
Correlate requests within and across business processes
Schedule activities based on the execution time and define their order of execution
Execute activities in parallel and define how parallel flows merge based on synchronization conditions
Structure business processes into several scopes
Handle message-related and time-related events
In orchestration, a central process takes control over the involved services and coordinates the execution of different operations on the services involved in the operation. This is done as per the requirements of the orchestration. The involved services do not know (and do not need to know) that they are involved in a composition and that they are a part of a higher business process. Only the central coordinator of the orchestration knows this, so the orchestration is centralized with explicit definitions of operations and the order of invocation of services. Orchestration is usually used in private business processes and is schematically shown as follows:
Choreography, on the other hand, does not rely on a central coordinator. Rather, each service involved in the choreography knows exactly when to execute its operations and whom to interact with. Choreography is a collaborative effort focused on the exchange of messages in public business processes. All participants of the choreography need to be aware of the business process, operations to execute, messages to exchange, and the timing of message exchanges. Choreography in services composition is as shown in the following figure:
From the perspective of composing services to execute business processes, orchestration has an advantage over choreography. Orchestration is a more flexible paradigm, although the line between orchestration and choreography is vanishing. Orchestration has the following advantages:
We know exactly who is responsible for the execution of the whole business process
We can incorporate services, even those that are not aware that they are a part of a business process
We can also provide alternative scenarios when faults occurs
We can specify the public message exchange between parties only. Such processes are called abstract business processes. They do not include the internal details of process flows and are not executable. They follow the choreography paradigm.
Executable business processes are processes that comprise of a set of existing services and specify the exact algorithm of activities and input and output messages. Such processes are executable by BPEL engines. Executable processes are important because they are the direct answer to the problem of business process automation through IT that we have discussed earlier in this chapter. With BPEL executable processes, we are able to specify the exact algorithm of service composition in a relatively simple and straightforward way and execute it on a BPEL‑compliant engine. Executable processes fill the gap between the business process specifications and the code responsible for their execution.
When we define an executable business process in BPEL, we actually define a new web service that is a composition of existing services. The interface of the new BPEL composite web service uses a set of port types, through which it provides operations like any other web service. To invoke an executable business process, we have to invoke the resulting composite web service. You can see that executable business processes are the most important way of using BPEL. In the majority of cases, BPEL is used to specify executable processes.
Abstract business processes, on the other hand, are not executable. They specify public message exchange between parties only — the externally observable aspects of process behavior. The description of the externally observable behavior of a business process may be related to a single service or a set of services. It might also describe the behavior of a participant in a business process. Abstract processes will usually be defined for two scenarios:
Abstract processes are rarely used. The most common scenario is to use them as a template to define executable processes. Abstract processes can be used to replace sets of rules usually expressed in natural language, which are often ambiguous. In this book, we will first focus on executable processes and come back to abstract processes in Chapter 3, Advanced BPEL.
BPEL is not the only language for business process execution. Before we start discussing the technical aspects of BPEL, let us overview the relation of BPEL to other languages. Recently, several orchestration and choreography languages have been proposed. The most important orchestration languages include:
In addition to orchestration and choreography languages, which have primarily been designed to provide machine executable representations of business processes, we also have to mention the business process modeling notations. These are used to define business process models and are essential for BPM (Business Process Management). The most popular and well-known is the BPMN (Business Process Modeling Notation). BPMN is becoming an important part of SOA.
The following figure shows a timeline of the mentioned languages, as they have been developed:
We have already mentioned that BPEL represents a convergence of XLANG and WSFL and it shares and further develops the concepts of those languages. In the following sections we will briefly describe these languages.
XLANG has been one of the early orchestration languages. It has been developed with the objective of achieving clear separation between processes and implementations. It is a Microsoft proprietary language and not fully documented. It has been used in Microsoft BizTalk. XLANG and its successor XLANG /s can be viewed as messaging languages with some of the expression capabilities of C#. However, code is not portable between XLANG /s and C#.
XLANG/s specifies high-level constructs that are used to define and execute business processes. The semantics embodied in XLANG/s are a reflection of those defined in BPEL. Although XLANG is thought of as a predecessor of BPEL, Microsoft continues to use XLANG/s in their BizTalk Server. Instead of moving to BPEL in BizTalk, Microsoft provides a conversion between XLANG/s and BPEL.
WSFL is also one of the early XML-based orchestration languages. It has been developed by IBM to be a part of the web services technology stack. WSFL supports two types of service compositions. First is the flow model, which specifies the exact interactions between services (a process). Such a flow model is executable. The second type is the global model, which specifies the overall interaction of services and is abstract. This is very similar to BPEL executable and abstract processes.
As we have already mentioned, WSFL has, together with XLANG, provided a basis for BPEL. Unlike Microsoft, IBM has moved to BPEL as their main language for service composition and provides full support for BPEL in their various products, such as IBM WebSphere Process Server.
BPML has been developed by BPMI.org (Business Process Management Initiative). Intalio has played an important role and has been the initiator of BPML. BPML is a meta-language for modeling business processes and provides an abstract execution model for describing collaborations and transactions. It defines a formal model for expressing abstract and executable processes, and supports:
BPML can describe a process in a specific language, defined on top of the extensible BPML scheme. Business processes are defined as groups of flows (control flows, data flows, and event flows). Formatting features, security rules, and transactional contexts can also be defined. BPML offers support for synchronous and asynchronous distributed transactions and can be used for the process components of existing applications.
Comparing BPML to BPEL shows that both share similar roots in web services and leverage other web services specifications, particularly WS-Security, WS-Coordination, and WS-Transactions. However, BPML supports modeling more complex business processes through its support for advanced semantics such as nested processes and complex compensated transactions. BPML can therefore be regarded as a superset of BPEL. The extensions of BPEL with business rules, task management, human interactions, and so on are defined in BPXL (Business Process Extension Layers).
The fact that both BPEL and BPML share the same idioms and have similar syntax has resulted in BPML being discontinued in favor of BPEL. BPEL has over the years gained much broader support by software vendors than BPML.
ebXML (Electronic Business XML) is a framework that provides a set of technologies, BPSS (Business Process Specification Schema) being one of them. ebXML has been developed under the initiative of OASIS and UN/CEFACT and consists of the following technologies:
BPSS covers the same domain as BPEL. The BPSS approach to the process specification follows the choreography pattern and is therefore comparable to abstract BPEL processes. In addition to specifying the process logic, BPSS also specifies the communication protocol details.
BPSS is designed around the concept of business transactions, which is, however, not fully conformant with the web services transactions specifications. A BPSS business transaction is used to describe the message exchange between two abstract roles: the sender and the responder. Each message consists of an XML document and optional attachments, which can be XML or binary. For each responding message, we specify whether it is a positive or negative message. Each message is associated with a business transaction protocol. Collaboration in BPSS can be bilateral or multi-party and is described by the business transaction protocol.
We can see that BPSS is not a direct alternative to BPEL and is used in environments where ebXML is applied. For more information on ebXML, read the following books:
ebXML: Concepts and Application by Brian Gibb and Suresh Damodaran, John Wiley & Sons, October 21, 2002, ISBN: 0-7645-4960-X
ebXML: The New Global Standard for Doing Business over the Internet by Alan Kotok and David RR Webber, SAMS, August 23, 2001, ISBN: 0-7357-1117-8
ebXML Simplified: A Guide to the New Standard for Global E‑Commerce by Eric Chiu, John Wiley & Sons, June 15, 2002; ISBN: 0-471-20475-7
YAWL has been developed by Eindhoven University of Technology and Queensland University of Technology. Subsequently, several companies have contributed to the language. The objective of YAWL has been to develop a language that would support workflow patterns with a formal specification. YAWL is based on Petri nets. The formal semantics of YAWL enables the static analysis of the language, which is supported by a tool. The language itself is supported by software that is developed as an open source under an LGPL license. It includes the execution engine, graphical editor, and an application for human tasks.
Similar to BPEL, YAWL is an executable language for processes (workflows). The main advantage of YAWL is its support for workflow patterns. The major difference is how both languages have been developed. BPEL has been driven by a standardization committee under OASIS and has gained large industry support. Today, most major vendors provide support for BPEL. YAWL, on the other hand, has only one implementation. More on YAWL can be found on http://www.yawl-system.com/.
WSCL has been developed by HP. In contrast to previously mentioned languages, WSCL has focused on the choreography aspect rather than on the orchestration. It has been designed to describe business-level conversations or public processes, supported by corresponding services. WSCL specifies the XML documents being exchanged and the allowed sequencing of these document exchanges. WSCL is not a direct alternative to BPEL, as it does not support executable process orchestrations, as BPEL does. It is somehow similar to BPEL abstract processes.
HP has submitted WSCL to W3C, where it has become a W3C Note in 2002. Since then it has not gained much support from software vendors and, therefore, WSCL does not play an important role in SOA. The WSCL specification is accessible at http://www.w3.org/TR/wscl10/.
WSCI (Web Services Choreography Interface) version 1.0 has been developed by Sun, BEA, SAP, and Intalio. WSCI is a choreography language for describing the flow of messages exchanged by web services in the context of a process. It allows us to describe the observable behavior of a web service in a message exchange. WSCI also describes the collective message exchange among interacting web services, providing a global and message-oriented view of a process involving multiple web services.
In WSCI, message exchange is described from the viewpoint of each web service. Each exchange can be qualified by message correlations, transaction descriptions, and location capabilities. WSCI, therefore, describes the observable behavior of web services. However, WSCI does not address the definition of the processes driving the message exchange. It also does not address the definition of the internal behavior of each web service.
As WSCI follows the choreography pattern and does not address defining executable business processes, it is compared directly to BPEL abstract processes. WSCI has a cleaner interface, which makes it a little easier to learn than BPEL. The WSCI specification has also been submitted to W3C, which has published it as a W3C Note. Further, W3C has formed a WS-Choreography working group, which will address the choreography of web services, but has only released the requirements specification so far.
WSCI has not gained industry support comparable to BPEL. The industry consensus seems to support BPEL. The WSCI specification is accessible at http://www.w3.org/TR/wsci/.
WS-CDL is a language for specifying the choreography of collaborating services. It targets the composition of interoperable collaborations between services. With WS-CDL, we can specify the peer-to-peer collaboration of web services through the definition of their observable behavior. We can define sets of rules that define how, and in what order, different services should act together. Such specification provides a flexible systemic view of the process.
Its authors position WS-CDL as a complementary language to BPEL (and other business process languages). While BPEL focuses on the behavior specification of a specific business partner, WS-CDL focuses on the description of message interchanges between business partners. WS-CDL provides the global model needed by BPEL processes to ensure that the behavior of endpoints is consistent across all cooperating services.
A business partner can use the WS-CDL choreography specification to verify if their internal processes have their outside behavior defined in a way that will allow them to participate in choreography. WS-CDL choreography specifications can be used to generate public interfaces, for example, specified using BPEL abstract processes. WS-CDL specifications are also useful at runtime to verify the execution of message exchange between business partners.
As WS-CDL is a complementary language to BPEL, we cannot make a direct comparison. However, WS-CDL differs considerably from BPEL. With WS-CDL, we define the message flows exchanged by all partners, while with BPEL we focus on message flow and the behavior of a specific partner, that is, on the internal behavior of a business process. The WS-CDL description of message flows is done from a general perspective, while BPEL specifies message exchange from the point of view of a specific partner. A BPEL process specifies activities that are executed. WS-CDL specifies reactive rules, which are used by all participants of a collaboration.
At the time of writing, WS-CDL has been a W3C Candidate Recommendation, dated 9 November 2005. Since then, WS-CDL has not gained much industry support, as no major vendor supports it. At the time of writing, only two small vendors provided tools. The WS-CDL specification is accessible at http://www.w3.org/TR/ws-cdl-10/.
Business Process Modeling Notation (BPMN) is a graphical notation for specifying business processes. It is the most comprehensive notation for process modeling so far. BPMN has initially been developed by the BPMI. In 2005, BPMI merged with OMG (Object Management Group) . The current version of BPMN is 1.2. BPMN version 2.0 is currently a work in progress.
We use BPMN to draw business process diagrams. Such diagrams present the activities and tasks of a process and their relations. The diagram uses flowchart concepts to represent the logic of business processes.
BPMN is a graphical-visual language and uses a set of graphical elements. Activities are represented as rectangles and decisions are represented as diamonds. BPMN successfully joins the simplicity of the diagrams with the expressive power, which allows BPMN to be used for complex processes and specification of details.
To model the diagrams, BPMN defines four categories of elements:
Flow objects, which are activities, events, and gateways. Activities can be tasks or subprocesses. Events can be triggers or results. Three types of events are supported: start, intermediate, and end. Gateways control the divergence of sequential flows into concurrent flows and their convergence back to sequential flow.
Connecting objects are used to connect together flow objects. Connectors are sequence flows, message flows, and associations.
Swim lanes are used to organize activities into visual categories in order to illustrate different responsibilities or functional capabilities. Pools and lanes can be used for swim lanes.
Artifacts are used to add specific context to the business processes that are modeled. Data objects are used to show how data is produced or required by the process. Groups are used to group together similar activities or other elements. Annotations are used to add text information to the diagram. We can also define custom artifacts.
BPMN can be used to model parts of processes or whole processes. Processes can be modeled at different levels of fidelity. BPMN is equally suitable for internal (private) business processes and for public (collaborative) business-to-business processes.
The most important goals when designing BPMN have been:
To develop a notation that will be useful and understandable at all levels of BPM. In business process modeling, different people are involved. From business users, business analysts, process owners, to the technical architects and developers. The goal of BPMN has been to provide a graphical notation that is simple to understand, but powerful enough to model business processes into the required details.
The semantic gap between the business process models and the information technology (application software) has been quite large with existing technologies. There has been no clear definition of how one relates to the other. The goal of BPMN is to enable automatic transformation into the executable code, into BPEL and vice versa. Therefore, BPMN has been designed specifically to provide such transformation.
Particularly, because of the ability to automatically transform BPMN process models in executable BPEL processes, BPMN today plays an important role in SOA development. Modeling of a business process using BPMN is usually the first step. After the model is complete, such a process is transformed into BPEL to be executed on a process server. Today several tools for major vendors such as Oracle and IBM provide such automatic transformation, usually in both directions, which enables round-tripping between model (BPMN) and executable process representation (BPEL).
For more information on BPMN read the following books:
Business Process Driven SOA using BPMN and BPEL by Matjaz B. Juric and Kapil Pant, Packt Publishing, August 2008, ISBN: 1847191460.
BPMN Specification, http://www.bpmn.org/
BPEL servers provide a run-time environment for executing BPEL business processes. Today BPEL servers are usually part of the SOA platform, which in addition to the BPEL server includes other elements of a complete SOA environment: application server, ESB, registry and repository, human tasks support, process monitoring, BRMS (Rule Engine), and adapters. Often a development environment is also included and sometimes a process modeling tool is also available. Most advanced SOA platforms support the automatic translation of business models into executable BPEL processes.
Most SOA platforms have been developed on top of modern software platforms, particularly Java Enterprise Edition and Microsoft .NET. BPEL servers leverage Java Enterprise Edition or .NET application server environments, where they can make use of the services provided by application servers, such as security, transactions, scalability, integration with databases, components such as EJBs (Enterprise Java Beans) and COM+ (Component Object Model), messaging systems such as JMS (Java Message Service) or MSMQ (Microsoft Message Queue), and so on.
IBM WebSphere (WebSphere Process Server) (http://www.ibm.com/software/solutions/soa/)
Oracle SOA Suite (BPEL Process Manager) (http://www.oracle.com/technologies/soa/soa-suite.html)
Oracle Sun Java Composite Application Platform Suite (http://developers.sun.com/javacaps/)
TIBCO ActiveMatrix (ActiveMatrix BusinessWorks) (http://www.tibco.com/products/soa/default.jsp)
InterSystems Ensemble (http://www.intersystems.com/ensemble/index.html)
Fujitsu Interstage (Business Process Manager) (http://www.fujitsu.com/global/services/software/interstage/)
Hitachi uCosminexus Service Platform (http://www.hitachi.co.jp/Prod/comp/soft1/global/prod/cosminexus/sol/sp/sp_view.html)
Software AG webMethods (http://www.softwareag.com/Corporate/products/wm/default.asp)
Intalio BPM (http://www.intalio.com/products/bpm/)
Fiorano SOA Platform (http://www.fiorano.com/products/fsoa/products_fioranosoa.php)
Active Endpoints ActiveVOS (http://www.activevos.com/)
OpenLink Virtuoso Universal Server (http://virtuoso.openlinksw.com/)
Parasoft BPEL Maestro (http://www.parasoft.com/jsp/products/home.jsp?product=BPEL)
PolarLake Integration Suite (http://www.polarlake.com/)
Microsoft also provides an SOA platform, although Microsoft does not use the acronym SOA as often as the other suppliers. Microsoft's SOA is built around Windows Workflow Foundation, Windows Communication Foundation, and Microsoft BizTalk (process server). In contrast to most of the other vendors, Microsoft does not support BPEL natively (yet). Microsoft BizTalk at the time of writing still uses XLANG/s, the Microsoft proprietary orchestration language. However, it allows the import and export of BPEL.
An important supporter of SOA is SAP. SAP Enterprise Service-Oriented Architecture (Enterprise SOA) has been defined by SAP as an open architecture for adaptive business solutions. Enterprise SOA is enabled by the SAP NetWeaver platform. SAP has positioned Enterprise SOA to deliver the benefits offered by service-oriented architecture, including enabling both flexibility and business efficiency. Most of SAP products, such as mySAP ERP, mySAP CRM, and mySAP SRM, are built upon Enterprise SOA.
JBoss Enterprise SOA Platform (Red Hat) (http://www.jboss.com/products/platforms/soa/)
Open ESB (https://open-esb.dev.java.net/)
ActiveBPEL Engine (http://www.activebpel.org/)
bexee BPEL Execution Engine (http://sourceforge.net/projects/bexee)
Apache Agila (http://wiki.apache.org/agila/), formerly known as Twister
In the following chapters, we will use IBM WebSphere SOA platform, including WebSphere Process Server, WebSphere Integration Developer, and WebSphere Business Modeler. Please remember that BPEL is an open specification; therefore, it does not differ between the products. BPEL code is portable between different BPEL servers. This holds true as long as you are not using some vendor-specific extensions. Therefore, in the next chapters we will first look at standard BPEL. Then, we will look at how to use BPEL using IBM WebSphere.
OASIS has been responsible for the further development of BPEL since April 2003. An OASIS Technical Committee, called WSBPEL TC, has been formed for the development of a new BPEL version, called WS-BPEL 2.0. The technical committee, which supervises and influences further development of BPEL, has many new members. This ensures that BPEL will be extended with new features and also ensures continuity of development. The number of participants involved in BPEL shows that industry support is large and still increasing. More information on WSBPEL TC can be found at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel.
In this chapter, we have become familiar with BPEL, its role in the SOA, and basic concepts related with service composition and the definition of business processes. BPEL provides a rich vocabulary for defining processes and has several features not found in programming languages. This makes BPEL the preferred choice for the composition of services. Major software vendors support BPEL and open source implementations exist. Based on the comparison with other technologies and languages, we have seen that BPEL plays an important role in service composition.
BPEL fits very well into the SOA and with BPEL and we can define executable business processes and abstract business processes. Executable processes are the most important and allow us to define the exact order in which services are composed.
In the next chapter, we will look at BPEL and learn how to define a BPEL process.