WS-BPEL 2.0 for SOA Composite Applications with Oracle SOA Suite 11g

4 (1 reviews total)
By Matjaz B. Juric , Marcel Krizevnik
    Advance your knowledge in tech with a Packt subscription

  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Introduction to BPEL and SOA

About this book

Business Process Execution Language (BPEL, aka WS-BPEL) has become the de-facto standard for orchestrating services in SOA composite applications. BPEL reduces the gap between business requirements and applications and allows for better alignment between business processes and underlying IT architecture. BPEL is for SOA what SQL is for databases. Therefore learning BPEL is essential for the successful adoption of SOA or the development of composite applications. Although BPEL looks simple at first sight, it hides its large potential and has many interesting and advanced features. If you can get familiar with these features - you can maximize the value of SOA.

This book provides a comprehensive and detailed coverage of BPEL, one of the centerpieces of SOA. It covers basic and advanced features of BPEL 2.0 and provides several real-world examples. In addition to BPEL specification the book provides comprehensive coverage of BPEL support in Oracle SOA Suite 11g, including security, transactions, human workflow, process monitoring, automatic generation of BPEL from process models, dynamic processes, and more.

This book starts with an introduction to BPEL, its role with regard to SOA and the process-oriented approach to SOA. The authors give short descriptions of the most important SOA platforms and BPEL servers—the run time environments for the execution of business processes specified in BPEL—and compare BPEL to other business process languages. The book will then move on to explain core concepts such as invoking services, synchronous and asynchronous processes, partner links, role of WSDL, variables, flows, and more.Moving ahead you will become familiar with fault handling, transaction management and compensation handling, scopes, events and event handlers, concurrent activities and links. The authors also discuss the business process lifecycle, correlation of messages, dynamic partner links, abstract business processes and mapping from BPMN to BPEL.

The book presents in detail, how to use BPEL with Oracle SOA Suite 11g PS2. It explains the development of BPEL and SCA assemblies, and demonstrates different approaches with some practical examples. It addresses security, transaction handling, and human workflow. Then, the book addresses entity variables, notification services, fault management framework, and business events in BPEL. It provides exhaustive coverage of monitoring BPEL processes and developing dashboards with Oracle BAM. It explains how to use BPEL processes with Oracle Service Bus and Oracle Service Registry. Using examples, the book also demonstrates how to transform business process models in BPMN (using Business Modeler) to BPEL, how to achieve round-tripping using BPA Suite and BPM Suite, and how to use Oracle Enterprise Repository to govern BPEL processes. The book also covers the complete BPM lifecycle from modeling through implementation, execution, monitoring, and optimization and presents advanced, real-world examples.

Publication date:
September 2010


Chapter 1. Introduction to BPEL and SOA

BPEL (Business Process Execution Language for Web Services, also WS-BPEL, BPEL4WS) is a language used for the composition, orchestration, and coordination of Web Services. It provides a rich vocabulary for expressing the behavior of business processes. In this chapter, we will introduce BPEL, define its role with regard to Service-Oriented Architecture (SOA), and explain the process-oriented approach to SOA and the role of BPEL. We shall also provide short descriptions of the most important BPEL servers the run‑time environments for the execution of business processes specified in BPEL. We will also compare BPEL to other business process languages. In this chapter, we will:

  • Discuss the role of business processes and their automation

  • Discuss business and IT alignment

  • Examine SOA, its concepts, and BPEL

  • Look at the SOA building blocks, such as services, Enterprise Service Bus, Registry and Repository, Human Task Support, Process Monitoring, Rule Engine, and Adapters

  • Mention SOA governance

  • Look at BPEL features

  • Distinguish between Orchestration and Choreography

  • Examine the relation of BPEL to other languages

  • Overview BPEL Servers and SOA platforms

  • Discuss the future of BPEL

Why business processes matter

Enterprise applications and information systems have become fundamental assets to companies. Companies rely on them to be able to perform business operations. Enterprise information systems can improve the efficiency of businesses through the automation of business processes. The objective of almost every company is that the applications it uses should provide comprehensive support for business processes. This means that applications should align with business processes closely.


A business process is a collection of coordinated service invocations and related activities that produce a business result, either within a single organization or across several.

Although this requirement does not sound very difficult to fulfill, real-world situations show us a different picture. Business processes are usually dynamic in nature. Companies have to improve and modify, act in an agile manner, optimize and adapt business processes to their customers, and thus improve the responsiveness of the whole company. Every change and improvement in a business process has to be reflected in the applications that provide support for them.

It is most likely that companies have to live with very complex information system architectures consisting of a heterogeneous mix of different applications that have been developed over time using different technologies and architectures. These existing applications (often called legacy applications) are a vital asset in each company and core business usually depends on them. Replacing them with newly developed applications would be very costly and time consuming and usually would not justify the investment.

On the other hand, existing applications have several limitations. Probably the most important fact is that the majority of older applications have been developed from the functional perspective and have addressed the requirements of a single domain. Therefore, such applications typically do not provide support for the whole business process. Rather they support one, or a few activities, in a process. Such applications provide support for certain functions or tasks only. For an information system to provide complete support for business processes, it has to be able to use the functionalities of several existing applications in a coordinated and integrated way.

The consequence is that users need to switch between different applications to fulfill tasks and also perform some tasks manually. The flow of the tasks is in the heads of users, not in the information system, and this has several disadvantages, such as:

  • Limited insight into the way business activities are performed

  • Difficulties in tracing current status and progress

  • Difficulties in monitoring key performance indicators

Existing applications have often been developed using older technologies, languages, and architectures, which are by definition less flexible to change. Tightly coupled applications, constructed of interrelated modules, which cannot be differentiated, upgraded, or refactored with a reasonable amount of effort, place important limitations on the flexibility of such applications. This is why such applications are sometimes called stovepipe applications.

Let us summarize on one side we have the business system, which consists of business processes. Business processes define the order of activities and tasks that produce a specific business result. Business processes have to be flexible in order to adapt to customer requirements, to market demand, and to optimize operations.

On the other side, we have the information system with multiple existing applications. Existing applications have important business logic implemented, which a company relies upon to perform business operations. Existing applications are also difficult to modify and adapt because they have not been developed in a flexible way that would allow modifying application parts quickly and efficiently. This is shown in the following figure:


Why business processes matter

Enterprise applications and information systems have become fundamental assets to companies. Companies rely on them to be able to perform business operations. Enterprise information systems can improve the efficiency of businesses through the automation of business processes. The objective of almost every company is that the applications it uses should provide comprehensive support for business processes. This means that applications should align with business processes closely.


A business process is a collection of coordinated service invocations and related activities that produce a business result, either within a single organization or across several.

Although this requirement does not sound very difficult to fulfill, real-world situations show us a different picture. Business processes are usually dynamic in nature. Companies have to improve and modify, act in an agile manner, optimize and adapt business processes to their customers, and thus improve the responsiveness of the whole company. Every change and improvement in a business process has to be reflected in the applications that provide support for them.

It is most likely that companies have to live with very complex information system architectures consisting of a heterogeneous mix of different applications that have been developed over time using different technologies and architectures. These existing applications (often called legacy applications) are a vital asset in each company and core business usually depends on them. Replacing them with newly developed applications would be very costly and time consuming and usually would not justify the investment.

On the other hand, existing applications have several limitations. Probably the most important fact is that the majority of older applications have been developed from the functional perspective and have addressed the requirements of a single domain. Therefore, such applications typically do not provide support for the whole business process. Rather they support one, or a few activities, in a process. Such applications provide support for certain functions or tasks only. For an information system to provide complete support for business processes, it has to be able to use the functionalities of several existing applications in a coordinated and integrated way.

The consequence is that users need to switch between different applications to fulfill tasks and also perform some tasks manually. The flow of the tasks is in the heads of users, not in the information system, and this has several disadvantages, such as:

  • Limited insight into the way business activities are performed

  • Difficulties in tracing current status and progress

  • Difficulties in monitoring key performance indicators

Existing applications have often been developed using older technologies, languages, and architectures, which are by definition less flexible to change. Tightly coupled applications, constructed of interrelated modules, which cannot be differentiated, upgraded, or refactored with a reasonable amount of effort, place important limitations on the flexibility of such applications. This is why such applications are sometimes called stovepipe applications.

Let us summarize on one side we have the business system, which consists of business processes. Business processes define the order of activities and tasks that produce a specific business result. Business processes have to be flexible in order to adapt to customer requirements, to market demand, and to optimize operations.

On the other side, we have the information system with multiple existing applications. Existing applications have important business logic implemented, which a company relies upon to perform business operations. Existing applications are also difficult to modify and adapt because they have not been developed in a flexible way that would allow modifying application parts quickly and efficiently. This is shown in the following figure:


Business and IT alignment

The business system usually evolves with a different pace to that of the information system. Over time, this has resulted in an important loss of alignment between the business system and the information system. This has resulted in applications that do not fully support business tasks, and which have again hindered the evolution of business processes. The consequence has been less flexible and adaptable organizations with less competitive power in the market. Only companies where applications can be quickly and efficiently adapted to changing business needs can stay competitive in the global market.

The loss of alignment between the business and IT has a name IT gap. An IT gap is a common occurrence in almost every company. It is mainly a consequence of the inability of application developers to modify and adapt the applications to business requirements quickly and efficiently.

The main reason probably hides in the fact that in the past neither programming languages and technologies nor architectural design could have anticipated changes. Existing applications had been designed to last. They had been developed in a tightly coupled fashion, which makes changes to specific parts of applications very difficult. Because of dependencies such changes usually have several, often unpredictable, consequences. In addition to the complexity and size of the modification, an important factor is also the state of the application being modified. If an application has a well-defined architecture and has been constructed keeping in mind future modifications, then it will be easier to modify. However, each modification to the application makes its architecture less robust with respect to future changes. Applications that have been maintained for several years and have gone through many modifications usually do not provide robust architecture anymore (unless they have been refactored constantly). Modifying them is difficult, time consuming, and often results in unexpected errors.

Modifying existing applications therefore requires time. This means that an information system cannot react instantly to changes in business processes rather it requires time to implement, test, and deploy the modifications. This time is sometimes referred to as the IT gap time. It is obvious that the gap time should be as short as possible. However, in the real world this is (once again) not always the case.

We have seen that there are at least three important forces that have to be considered:

  • Alignment between the business and IT, which is today seen as one of the most important priorities.

  • Complexity of existing applications and the overall IT architecture. Modifying them is a complex, difficult, error-prone, and time-consuming task.

  • Indispensability of existing applications. Companies rely upon existing applications and very often their core business operations would be jeopardized if existing applications fail.

This makes the primary objective of information systems to provide timely, complete, and easy to modify support for business processes even more difficult to achieve.


Service-Oriented Architecture

We have seen that the lack of alignment between business and IT is a common occurrence in almost every company. Achieving the alignment by modifying existing applications is in most cases not successful for two reasons:

  • Complexity of the IT architecture, which makes modifying existing applications difficult and time consuming

  • Existing applications must not fail because companies rely on them for everyday business.

The alignment of business and IT is very difficult to achieve using traditional approaches. However, if a mediation layer between the business and the information system is introduced, the alignment between business and IT becomes more realistic meet the Service-Oriented Architecture.

To manage problems related to changing requirements, developments in technology, and integration of different methods have been proposed and used over time. A Service-Oriented Architecture is the latest architectural approach related to the integration, development, and maintenance of complex enterprise information systems.

SOA is not a radically new architecture, but rather the evolution of well-known distributed architectures and integration methods. Integration between applications has evolved from early days into well-defined integration methods and principles, often referred to as Enterprise Application Integration (EAI). EAI initially focused on the integration of applications within enterprises (intra-EAI). With the increasing need for integration between companies (business-to-business), the focus of EAI has been extended to inter-EAI.

SOA improves and extends the flexibility of earlier integration methods (EAI) and distributed architectures, and focuses on the reusability of existing applications and systems, efficient interoperabilities and application integrations, and the composition of business processes out of services (functionalities) provided by applications. An important objective of SOA is also the ability to apply changes in the future in a relatively easy and straightforward way.

SOA defines the concepts, architecture, and process framework, to enable the cost-efficient development, integration, and maintenance of information systems by reducing complexity, and stimulation of integration and reuse. Let us look at the definition of SOA, as provided by Bernhard Borges, Kerrie Holley, and Ali Arsanjani:

SOA is the architectural style that supports loosely coupled services to enable business flexibility in an interoperable, technology-agnostic manner. SOA consists of a composite set of business-aligned services that support a flexible and dynamically re-configurable end-to-end business processes realization using interface-based service descriptions.

The following figure shows SOA as a mediator that aligns business and IT more closely. The end-to-end automation of business processes with BPEL fills the gap towards the business system. The services fill the gap towards the information system.

A Service-Oriented Architecture has several goals, but the two most important goals are to:

  • Provide end-to-end automation of business processes. To achieve end-to-end automation of business processes, SOA introduces a special language BPEL (Business Process Execution Language).

  • Provide a flexible, adaptable IT architecture, where applications are modularized, consolidated, decoupled, and where business logic is contained in autonomous, encapsulated, loosely coupled, and reusable components called services.

Let's look at these two goals more closely.


From the perspective of business systems, it is important that IT provides applications that support business processes from the beginning to the end (or end-to-end). Such support however has to be flexible, so that business processes can be modified quickly.

In SOA this is achieved by introducing a specialized language for business process execution BPEL. BPEL is the most popular, commonly accepted specialized language for business process automation, and the main topic of this book. BPEL is a special language, designed to execute business processes using a special server the process server. BPEL promises to achieve the holy grail of enterprise information systems to provide an environment where business processes can be developed in an easy and efficient manner, directly executed, monitored, and quickly adapted to the changing needs of enterprises without too much effort.


Achieving adaptable and flexible IT architecture is another important objective of SOA. SOA enables us to develop a modular, loosely coupled architecture which can overcome the difficulties of existing architectures.

The end-to-end automation of business processes can only be successful if sound, robust, and reliable applications are available underneath. This goal can only be achieved by developing a flexible architecture, where applications consist of modules. In SOA, modules are called services.

Services should be autonomous and be able to work in different contexts. They should be reusable and loosely coupled. They should be encapsulated and expose the operations through interfaces. Finally, the application architecture should be consolidated, which means that for a specific functionality only one service should exist.

In SOA, services become the main building blocks of the overall IT architecture. Services guide us into good development practices and away from monolithic, tightly coupled applications. They enable better and more efficient integration. Services enable us to modify and adapt the applications faster, with less effort, and with less negative consequences.

Services are also the main building blocks of BPEL processes. They are the executable artifacts. Those services that expose high-level, coarse-grained operations are called business services. The operations in business services usually represent distinct business activities. They are used in business processes; more exactly, BPEL uses business services to execute process activities. In other words, BPEL processes are compositions of business services. Business services provide the functionality, while BPEL processes contain the process flow.

Business services should be designed in a reusable manner, which means that a single business service can be used by more than one BPEL process. It also means that only one business service with the same functionality should exist in the system, which leads to consolidation.


Although services in SOA are one of the most important building blocks, we should not forget about the architecture. Services will fulfill the promises only if they adhere to the architecture. Architectural design should therefore be the key priority.

How to develop services

There are several possibilities in which we can develop services. They are:

  • Developing services from scratch. This is appropriate for functionalities that are new and not yet covered by existing applications.

  • Exposing the functionality of existing applications through services. It is particularly important to reuse the logic in existing applications and to integrate new solutions with existing applications. Today, several possibilities exist for exposing existing applications through services, such as facades, adapters, mediators, and so on.

  • Using services provided by a third party.

The ability to expose existing applications is particularly important because it enables those who will adopt SOA, to reuse their existing IT assets. Existing applications have an enormous amount of business logic, which should be exposed and reused. SOA provides a standardized way to expose and access the functionalities (business logic) of existing applications through services.

From the technical perspective, services can be developed using a variety of distributed architectures. The requirement to expose the functionalities of applications and access them remotely has resulted in several distributed architectures and middleware products over time. The latest distributed architecture is Web Services. Web Services are the most suitable distributed architecture for exposing the functionality of applications as services.

SOA concepts

SOA is more than just a set of technologies. SOA is not directly related to any technology, although it is most often implemented with Web Services. Web Services are the most appropriate technology for SOA realization. However, using Web Services is not adequate to build SOA. We have to use Web Services according to the concepts that SOA defines.

The most important SOA concepts are:

  • Services and service abstraction

  • Self-describing, standardized interfaces with coarse granulation

  • Exchange of messages

  • Support for synchronous and asynchronous communication

  • Loose coupling

  • Reusability

  • Service registries and repositories

  • Quality of Service

  • Composition of services into business processes


Services provide business functionalities, such as an application for business travel, an application for a loan, and so on. This differs considerably from technology-oriented functionalities, such as retrieving or updating a table in a database. Services in SOA must provide business value, hide implementation details, and be autonomous. They should be abstract and autonomous. Service consumers are software entities, which call the service and use its functionality.


Service consumers access the service through its interface. The interface of a service defines a set of public operation signatures. The interface is a contract between the service provider and a service consumer. The interface is separated from the implementation, is self-describing, and platform independent. Interface description provides a basis for the implementation of the service by the service provider and a basis for the implementation of the service consumers. Each interface defines a set of operations. In order to define business services, we need to focus on the correct granulation of operations, and we should standardize interfaces. SOA services are best modeled with coarse granulation.


Operations are defined as a set of messages. Messages specify the data to be exchanged and describe it in a platform- and language-independent way using schemas. Services exchange only data, which differs considerably from object-oriented and component approaches, where behavior (implementation code) can also be exchanged. Operations should be idempotent (an operation is idempotent if repeated invocations have the same effect as one invocation). WSDL is a service description language that meets SOA criteria.

Synchronicity Service consumers access services through the service bus. This can be either a transport protocol, such as SOAP, or an ESB. Service consumers can use synchronous or asynchronous communication modes to invoke the operations of services. In synchronous mode, a service operation returns a response to the service consumer after the processing is complete. The service consumer has to wait for the completion. Usually we use the synchronous mode with operations in order to complete processing in a short time. In an asynchronous mode, a service operation does not return a response to the consumer, although it may return an acknowledgement so that the consumer knows that the operation has been invoked successfully. If a response is needed, usually a callback from the service to the consumer is used. In such a scenario, a correlation between messages is needed.

Loose Coupling

Through the self-describing interfaces, coarse granulation, exchange of data structures, and support for synchronous and asynchronous communication modes, a loose coupling of services is achieved. Loosely coupled services are services that expose only the necessary dependencies and reduce all kinds of artificial dependencies. This is particularly important when services are subject to frequent changes. Minimal dependencies assure us that there will be minimal number of changes required to other services when one service is modified. Such an approach improves robustness, makes systems more resilient to change, and promotes the reuse of services.


SOA is about the consolidation of functionalities. Therefore, the common goal is to have a single service for each business functionality. In other words, we should not allow having more than one service with equal or similar functionalities. To achieve this it is essential to reuse services in different contexts. Reuse is not easy to achieve. First, we have to develop services that are general enough to be useful in different scenarios. Second, developers should first look at existing services, before developing a new one. If an existing service fulfills the need, they should reuse it. Reuse is fostered by registries and repositories.

Registries and repositories

To simplify and automate searching for the appropriate service, services are maintained in service registries, which act as directory listings. Service providers publish services in registries; service consumers look up the services in the registries. Lookup can be done by name, service functionality, or business process properties. UDDI is an example of a service registry. Service registries can improve reuse. In addition to registries, repositories are becoming important for storing artifacts, such as WSDL interfaces, XML schemas, and so on. Registries and repositories play an important role in SOA governance.

Quality of Service

Services usually have associated Quality of Service attributes. Such attributes include security, reliable messaging, transaction, correlation, management, policy, and other requirements. The infrastructure must provide support for these attributes. Quality of Service attributes are often important in large information systems. In Web Services, Quality of Service attributes are covered by WS-* specifications, such as WS-Security, WS-Addressing, WS-Coordination, and so on. Quality of Service is also provided by the ESB.

Composition of services into business processes

The final, and probably the most important, SOA concept is the composition of services into business processes. Services are composed in a particular order and follow a set of rules to provide support for business processes. The composition of services allows us to provide support for business processes in a flexible and relatively easy way. It also enables us to modify business processes quickly and therefore provide support to changed requirements faster and with less effort. For composition, we will use a dedicated language, BPEL, and an engine on which business process definitions will be executed. Only when we reach the level of service composition can we realize all the benefits of SOA.


SOA building blocks

Let us now have a closer look at the SOA building blocks that enable us to realize the above-mentioned concepts:

  • BPEL: This is for business process automation with service composition.

  • Services: This is for achieving modular and flexible architecture. For service development, Web Services technology is usually used.

  • Enterprise Service Bus (ESB): This provides a means for services and processes to communicate, and enables management and control over the communication. ESB is the backbone of SOA.

  • Registries and repositories: These are central directories of services and useful for locating and reusing services, as well as SOA governance.

  • Human task support: Business processes often involve human interaction. SOA supports human interactions in different ways, such as WS-HumanTask and BPEL4People. Human task support is related to Identity Management.

  • Process monitoring or Business Activity Monitoring (BAM): This allows the monitoring of the execution of processes, such as total execution time, average execution time, execution time of certain activities, and so on. It also allows us to monitor the Key Performance Indicators (KPIs), which is particularly interesting for management, as it allows them to understand better how the business operations perform.

  • Business Rules Management Systems (BRMS) or Rule Engine: This is a central place for managing business rules. With BRMS we can put business rules into a central location instead of hard coding them.

  • Adapters: These provide easy access not only to external systems, such as ERP, CRM, SCM, but also DBMS systems.

A very important aspect of SOA is SOA governance. SOA is a complex architecture, which has to be governed in order to be consistent. SOA governance is a set of activities related to control over services and processes in SOA. Typical activities are related to managing service portfolios and lifecycles, ensuring service consistency, and monitoring service performance.

The full architecture of SOA is shown in the following figure:

The next figure shows the technology view of SOA and positions the above-mentioned concepts:

Let us now add the technologies into the previous figure to understand the connection between SOA concepts and the technologies that provide a means for their realization. Notice that the mere use of a specific technology does not guarantee that we are building an SOA-compliant architecture. For example, with Web Services we can develop business services (for example, a loan application), but we can also develop technology-focused services (updating the database, for example). So, it is essential that technologies are used according to the guidelines provided by SOA concepts.

For this figure, we can have two views. The bottom-up view of SOA sees different applications exposing their functionalities through business services. This enables access to functionalities (services) of different existing and newly developed applications in a standard way. Access to services is important because a typical enterprise has a large number of applications that have to be integrated.

Developing business services, either through reuse of existing applications or by new development, is not sufficient. We also need to compose services into business processes this is the second, the top-down, or process-oriented approach to SOA. We would obviously prefer a relatively simple and straightforward way to compose and modify business processes. This is where BPEL becomes important.

BPEL for process automation

Services in SOA are composed into aggregate services. We compose services until the aggregate services provide support for the whole business processes. Business processes are thus defined as a collection of activities through which services are invoked. For the outside world (that is, for the clients) a business process looks like any other service. In real-world scenarios we will usually create two kinds of business processes those that will contain services from within the enterprise only, and those that will consume services provided by several companies. With service composition, we can use services provided by business partners in our processes, and business partners can use our services in their processes.

For example, a business process for booking business travel will invoke several services. In an oversimplified scenario, the business process will require us to specify the employee name, destination, dates, and other travel details. Then the process will invoke a service to check the employee's status. Based on the employee status, it will select the appropriate travel class. Then it will invoke the services of several airline companies (such as American Airlines, Delta Airlines, and so on) to check the airfare price and buy the one with the lowest price. The structure of services composed in the business process is shown in the following figure. In Chapter 2, we will discuss this example in detail and show how to define this process using BPEL.

From the perspective of our business process, we do not care whether the service for checking the employee status accesses a legacy system, a database directly, or retrieves the status in any other way. We also do not care whether the services of airline companies are composed of other, lower-level services. From the perspective of the client (for our business process), the client sees the process as any other service and does not care whether the process is implemented through composition of other services, or some other way. This stimulates reuse and further composition. Real-world business processes will usually be much more complicated than our example. Usually they will contain several services and invoke their operations either in sequence or in parallel. They will also contain flow logic, handle faults, take care of transactions and message correlation, and so on.

The composition of services into business processes requires the definition of collaboration activities and data-exchange messages between involved Web Services. WSDL provides the basic technical description and specifications for messages that are exchanged. However, the description provided by WSDL does not go beyond simple interactions between the client (sender) and the web service (receiver). These interactions may be stateless, synchronous, or asynchronous. These relations are inadequate to express, model, and describe the complex compositions of multiple Web Services in business activities, which usually consist of several messages exchanged in a well-defined order. In such complex compositions, synchronous and asynchronous messages can be combined, and interactions are usually long running, often involving state information that has to be preserved. An important aspect is also the ability to describe how to handle faults and other exceptional situations. Given the limitations of WSDL, we need a mechanism to describe the composition of Web Services into more complex processes.

In addition to these facts, the composition of business processes has other specific requirements, such as support for many process instances, long-running processes, compensation, and so on. All this makes the use of dedicated solutions reasonable. This is why over the years several proprietary BPM (Business Process Management) products have been developed, such as Dralasoft Workflow and TIBCO Business Process Management. The disadvantage of using proprietary BPMs is that these are traditionally niche products, sold from a top-down perspective to large business users. Such products are usually expensive and bound to a certain provider. This is why we need BPEL.


BPEL is equally important for SOA as SQL is for databases.

Web Services

Web Services are the latest distributed technology and, as we will see, the most suitable technology for the realization of SOA. They have become the commonly used technology for interoperability and the integration of applications and information systems. Web Services provide the technological foundation for achieving interoperability between applications using different software platforms, operating systems, and programming languages. They are built on XML. While XML is the de facto standard for data-level integration, Web Services are becoming the de facto standard for service-level integrations between and within enterprises.

From the technological perspective, Web Services are a distributed architecture. The distributed computing paradigm started with DCE (Distributed Computing Environment), RPC (Remote Procedure Call), and messaging systems, also called message-oriented middleware (products such as MQSeries, MSMQ, and so on). Then distributed objects and ORBs (Object Request Brokers) such as CORBA (Common Object Request Broker Architecture), DCOM (Distributed Component Object Model), and RMI (Remote Method Invocation) emerged. Based on these, component models, such as EJB (Enterprise Java Beans), COM+ (Component Object Model), .NET Enterprise Services, and CCM (CORBA Component Model) have been developed. RPC, ORBs, and component models share a similar communication model, which is based on a synchronous operation invocation. Messaging systems are based on an asynchronous communication model.

How Web Services differ from their predecessors

Web Services are similar to their predecessors, but also differ from them in several aspects. Web Services are the first distributed technology to be supported by all major software vendors. Therefore, they are the first technology that fulfills the promise of universal interoperability between applications running on disparate platforms. The fundamental specifications that Web Services are based on are SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language), and UDDI (Universal Description, Discovery, and Integration). SOAP, WSDL, and UDDI are XML based, making Web Services protocol messages and descriptions human readable.

From the architectural perspective, Web Services introduced several important changes compared to earlier distributed architectures:

  • Web Services support loose coupling through operations that exchange data only. This differs from component and distributed object models, where behavior can also be exchanged.

  • Operations in Web Services are based on the exchange of XML-formatted payloads. They are a collection of input, output, and fault messages. The combination of messages defines the type of operation (one-way, request/response, solicit response, or notification). This differs from previous distributed technologies. For more information, please refer to the WSDL and XML Schema specifications (XML spec: REC-xml/ and WSDL spec:

  • Web Services provide support for asynchronous as well as synchronous interactions.

  • Web Services introduce the notion of endpoints and intermediaries. This allows new approaches to message processing.

  • Web Services are stateless. They do not follow the object paradigm.

  • Web Services utilize standard Internet protocols such as HTTP (Hyper Text Transfer Protocol), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer Protocol), and MIME (Multipurpose Internet Mail Extensions). So, connectivity through standard Internet connections, even those secured with firewalls, is less problematic.

Web Services technology stack

In addition to several advantages, Web Services also have a couple of disadvantages. One of them is performance, which is not as good as that of distributed architectures that use binary protocols for communication. The other is that plain Web Services do not offer infrastructure and Quality of Service (QoS) features, such as security, transactions, and others, which have been provided by component models for several years. Web Services fill this important gap by introducing additional specifications:

  • WS-Security: Addresses authentication and message-level security, and enables secure communication with Web Services.

  • WS-Coordination: Defines a coordination framework for Web Services and is the foundation for WS-AtomicTransaction and WS-BusinessActivity.

  • Transactions specifications (WS-AtomicTransaction and WS-BusinessActivity): Specify support for distributed transactions with Web Services. AtomicTransaction specifies short duration, ACID transactions, and BusinessActivity specifies longer-running business transactions, also called compensating transactions.

  • WS-ReliableMessaging: Provides support for reliable communication and message delivery between Web Services over various transport protocols.

  • WS-Addressing: Specifies message coordination and routing.

  • WS-Inspection: Provides support for the dynamic introspection of web service descriptions.

  • WS-Policy: Specifies how policies are declared and exchanged between collaborating Web Services.

  • WS-Eventing: Defines an event model for asynchronous notification of interested parties for Web Services.

Because of their flexibility, interoperability, and other features, Web Services are regarded as the most appropriate technology for exposing the functionalities of applications as services and are therefore the most appropriate technology for realization of SOA. Because of their wide support by all major software vendors, Web Services provide the possibility to use the same technology to expose services implemented in a variety of different applications ranging from mainframe-based legacy applications to the modern multitier applications.

Enterprise Service Bus

While Web Services are an appropriate technology for SOA, some other aspects need to be considered, such as:

  • In most enterprises, Web Services are not the only middleware solution used. Usually enterprises already have one or more middleware products, such as messaging systems and ORBs. Enterprises cannot afford to replace them overnight with Web Services. Therefore, there is a need to integrate different middleware products, and provide interoperability with Web Services.

  • In order to provide connectivity between services, the use of SOAP in complex environments is not adequate. In such environments, we need ways to connect, mediate, manage, and control the services and particularly the communication between them.

  • SOAP over HTTP might not be robust enough for heavy enterprise use. Enterprise information systems require dependable, robust, and secure service infrastructure.

The ESB is the software infrastructure, acting as an intermediary layer of middleware that addresses the above-mentioned requirements. An ESB adds flexibility to the communication between services, and simplifies the integration and reuse of services. An ESB makes it possible to connect services implemented in different technologies (such as EJBs, messaging systems, CORBA components, and legacy applications) in an easy way. An ESB can act as a mediator between different, often incompatible protocols and middleware products.

The ESB provides a robust, dependable, secure, and scalable communication infrastructure between services. It also provides control over the communication and control over the use of services, including:

  • Message interception capabilities: This allows us to intercept requests to services and responses from services, and apply additional processing to them. In this manner, the ESB acts as an intermediary.

  • Routing capabilities: This allows us to route the messages to different services based on their content, origin, or other attributes.

  • Transformation capabilities: These allow us to transform messages before they are delivered to services. For XML-formatted messages, such transformations are usually done using XSLT (Extensible Stylesheet Language Transformations) or XQuery engines.

  • Control over the deployment, usage, and maintenance of services: This allows logging, profiling, load balancing, performance tuning, charging for use of services, distributed deployment, on-the-fly reconfiguration, and so on.

  • Other important management features: These include the definition of correlation between messages, definition of reliable communication paths, definition of security constraints related to messages and services, and so on.

ESB features

The ESB enables the communication and management of services, along with providing answers related to the usage of services in complex enterprise information systems. In such environments, support for the centralized, declarative, and well-coordinated management of services and their communication is required. Because of existing middleware, the integration of different middleware products and interoperability with other services is required.

The ESB is important because it represents the communication backbone for services. Using ESB for communication, we can get rid of point-to-point connections between services and processes. ESB also simplifies the transition between development, test, and production environments.

The most important features of ESB are service routing, transformation and enhancement, protocol transformation, service mapping, security, and Quality of Service.

  • Message routing enables us to route messages to a specific service provider in a declarative manner based on the message content, user type, channel, or other rules.

  • Message transformation enables us to transform the input and output messages. Usually this is related to XML transformation using XSLT.

  • Message enhancement enables us to add data to the message or remove data, so that they conform to the requirements of the service provider and service consumer.

  • Protocol transformation is the ability to automatically transform the protocol based on the service provider and service consumer preferences. For example, a service consumer might use SOAP, while the service uses JMS. Protocol transformation can also optimize performance and switch to an optimized protocol for collocated services.

  • Service mapping enables us to map a service to a specific service implementation. This is usually an extension of WSDL bindings.

  • Security enables us to secure services and the transportation layer used for the exchange of messages. For securing services, authentication and authorization are important; for securing the exchange of messages, encryption is usually applied.

  • Quality of Service allows us to define specific parameters of service communication, such as reliability, bandwidth, availability, and so on. Quality of Service assurance is the baseline for the definition of Service Level Agreements (SLAs).

Currently, there are several products in the market that claim to provide ESB functionality. A good ESB should provide at least Quality of Service support at enterprise level, including reliability, fault-tolerance, and security. If provided by an ESB, services can depend on these features and do not need to implement them themselves. The ESB should also allow the configuration of any combination of these Quality of Service features and provide flexibility.

An ESB should provide support for a variety of technologies on which services are implemented. In addition to Web Services, an ESB should provide connectors for a broad range of technologies, such as Java EE and .NET components, messaging middleware, legacy applications, and TP monitors. The ESB needs to provide flexibility to bind any combination of services without technological constraints. It should also support a combination of different interaction models, such as queuing, routing, and so on, without changing the services or requiring code writing.

An ESB should make services broadly available. This means that it should be easy to find, connect, and use a service irrespective of the technology it is implemented in. With a broad availability of services, an ESB can increase reuse and can make the composition of services easier. Finally, an ESB should provide management capabilities, such as message routing, interaction, and transformation, which we have already described.

An ESB that provides these features becomes an essential part of the SOA. It provides several benefits, including increased flexibility, reduced deployment, development, and maintenance costs, along with increased reliability and manageability.

The following figure shows the relation between BPEL, ESB, and services:

Registry and repository

We have already seen that SOA consists of services and processes. The more applications that we implement following SOA concepts, the more services we will have. Managing services becomes a challenging task. This includes aspects such as:

  • How many services do we have?

  • Does a service with a specific functionality already exist?

  • Where is the service deployed?

  • Which versions of the service exist?

  • Who are the consumers (clients) of a specific service?

  • What is the interface definition (WSDL) of a service?

Registries and repositories help to answer these and similar questions. They have become an essential part of each SOA architecture. Registries and repositories are used to register services in a central location. Once registered, we can search and locate appropriate services. The more metadata about a service we include, the better search capabilities a registry and repository can provide.

A rule of thumb is that once we have more than 50 services we will desperately start needing the registry and repository. However, sometimes it might be wise to introduce it from the beginning because once developers get used to a certain development process, it will be very difficult to change their behavior.

In addition to the above-mentioned questions, registries and repositories play an important role in service reuse. Somewhat simplifying things, reuse on a service level means that we compose executable processes (in BPEL) and reuse as many services as possible instead of developing them from scratch.

Registries and repositories also play an important role in the deployment process. In professional development it is usual to have three environments development, test, and production. When an application is ready for production use, this requires that it is deployed into the production environment. The controlled deployment of processes requires that a process starts to use a production version of services instead of development or test versions. If links to services are hard coded into the BPEL processes, such migrations can be very painful, as it might (in a worst-case scenario) require the manual change of URL addresses. When deploying a service we might want to know which processes use this service because we might want to retest those processes.

The understanding of the role of registries and repositories in SOA has changed considerably over the years. A few years ago, we believed that a relatively simple registry, UDDI, would cover all the needs. Today, we have identified that a registry alone is not powerful enough for SOA because in many cases it makes sense to store service metadata as well (WSDL interfaces, XSD schemas, and so on).Therefore, today we talk about registries and repositories.

A powerful registry and repository should have the following features:

  • Classification capabilities to categorize and classify services and processes based on one or more classification schemas. This simplifies queries and enables easier locations for the most appropriate services for reuse.

  • Governance functions that should enable the definition of proprietary service/process lifecycles, together with the conditions to go from one stage of the lifecycle to another. Stage transitions can trigger automatic actions, such as validators.

  • Access control that defines who can do which operations on the registry and repository, and on the registered services/processes. Such access control could be based on XACML (eXtensible Access Control Markup Language).

  • User, programming, and administration interfaces.

Registries and repositories also play an important role in SOA governance.

Human task support and identity management

Business processes often involve human interaction. SOA, therefore, has to provide support for human tasks. Human tasks are sometimes called user interactions. Human tasks in business processes can be simple, such as approving certain tasks or decisions, or complex, such as delegation, renewal, escalation, nomination, or chained execution. Task approval is the simplest, and probably the most common, human task. If the situation is more complex, a business process might require several users to make approvals, either in sequence or in parallel. In sequential scenarios, the next user often wants to see the decision made by the previous user. Sometimes, (particularly in parallel human tasks) users are not allowed to see the decisions taken by other users. This improves the decision potential. Sometimes one user doesn't even know which other users are involved, or whether any other users are involved at all.

A common scenario for involving more than one user is escalation. Escalation is typically used in situations where an activity doesn't fulfill a time constraint. In such a case, a notification is sent to one or more users. Escalations can be chained, going first to the first-line employees and advancing to senior staff if the activity is not fulfilled.

Sometimes it's difficult or impossible to define in advance which user should perform an interaction. In this case, a supervisor might manually nominate the task to other employees; the nomination can also be made by a group of users or by a decision-support system.

In other scenarios, a business process may require a single user to perform several steps that can be defined in advance or during the execution of the process instance. Even more-complex processes might require that one workflow is continued with another workflow.

Human tasks can include data entries or process management issues, such as process initiation, suspension, and exception management. This is particularly true for long-running business processes, where, for example, user exception handling can prevent costly process termination and related compensation for those activities that have already been successfully completed.

As a best practice for human tasks, it's usually not wise to associate human tasks directly to specific users. It's better to connect tasks to roles and then associate those roles with individual users. This gives business processes greater flexibility, allowing any user with a certain role to interact with the process and enabling changes to users and roles to be made dynamically. To be able to do this, we need to have an identity management system, where users, roles, and groups are managed. This can be a simple LDAP or a more sophisticated system.

To interleave human tasks with BPEL processes we can use a workflow service, which interacts with BPEL processes using standard WSDL interfaces, as any other service. This way, the BPEL process can assign user tasks and wait for responses by invoking the workflow service using the same syntax as for any other service. The BPEL process can also perform more complex operations such as updating, completing, renewing, routing, and escalating tasks.

To standardize the explicit inclusion of human tasks in BPEL processes the BPEL4People (WS-BPEL Extension for People) specification has been proposed. BPEL4People introduces people activities and people links into BPEL. People activity is a new BPEL activity used to define user interactions, in other words, tasks that a user has to perform. For each people activity, the BPEL server must create work items and distribute them to users who are eligible to execute them. To specify human tasks the WS-Human Task specification has been proposed.

Process Monitoring or Business Activity Monitoring

One of the key elements for process control is Process Monitoring or Business Activity Monitoring (BAM). The key objective of BAM is to provide a complete insight into business process execution. BAM allows for the monitoring of KPIs, such as total execution time, average execution time, the execution time of certain activities, and so on. This allows us to better understand how the business processes perform.


Business Activity Monitoring is the real-time observation of key performance indicators.

The most important component of BAM is time. Time is crucial because BAM shows the actual near real-time information on process execution. This way, a company can react quickly and efficiently to changes reflected through process execution.

BAM solutions can provide other useful information. They can show us how many process instances are active at a specific time, how long on average it takes to complete a process, which users (employees) have started how many process instances, and so on.

Note that BAM is not related to automatic activities (those implemented by services) only. It can be used with human activities as well. In such a case, we can use BAM to observe the productivity of employees.

BAM is not only a system that displays interesting information about processes, but also consolidates data gathered from different, often independent sources. Connecting these data with past data enables BAM to identify critical situations in process execution or even automatically or semi-automatically solve some frequent critical problems. The ultimate goal of each BAM user is to optimize the process execution, to improve the process efficiency, and to sense important events and react.

The BAM user interface (dashboard) should be simple and present information and data in an easy and understandable way. It should hide all the complexity behind the scenes. Usually a typical BAM user interface uses graphical elements, graphs, and colors to present the data. The next screenshot shows an example of a BAM user interface:

In the previous screenshot, we can see the BAM dashboard showing different important information for decision makers. In addition to the dashboard, another important part of the BAM is the decision-support module. A module such as this can use decision methods, business intelligence, or simulations for support and can help decision makers take the right decision at the right time, which can improve business efficiency.

Business Rules Management Systems (BRMS) or Rule Engine

Business rules are part of almost every business application. Experiences have shown that business rules change, sometimes very often. Today, business rules are usually coded into different applications and are tightly coupled with the implementation of an application system. Changing business rules is therefore often very difficult and requires modifications to applications. Each modification requires that the developer change the code. After that, testing and deployment has to be done.

The same business rules are often implemented in several applications. Therefore, if a rule changes, the major challenge becomes to identify which applications this business rule is coded into and to modify each application where such a rule has been used.

Business rules are also very common in business processes. Business Rules Management Systems (BRMS) or Rule Engines are meant to provide a central location for storing, executing, and managing business rules. Instead of hard-coding business rules into the executable code (whether BPEL, Java, C#, and so on), we place business rules into the BRMS, where:

  • Business rules can be reused from different processes, services, and applications

  • User-friendly interfaces exist, which enable us to change and modify business rules


Adapters in SOA are meant to simplify the integration with external systems, such as ERP, CRM, SCM, and others. Without adapters we would need to manually expose functionality out of such systems, for example by developing corresponding Web Services. As such systems usually have rich functionalities, it would require a considerable amount of time and effort to develop the integration interfaces and services. Additionally, when such a system is upgraded, we would need to modify the integration services.

Adapters automate this procedure and provide tools to integrate with such systems in an easy way. Examples of adapters are adapters for SAP, Oracle, PeopleSoft, Salesforce, or some other popular system. Adapters are also useful for accessing database data directly. Such adapters automate the development of data services. Examples include adapters for Oracle, DB2, SQL Server, and so on.

Adapters differ in the level of sophistication. The simplest adapters are just API wrappers that expose the interfaces of the external systems as a service (usually as a web service). More sophisticated adapters can have smart fault handling mechanisms, can capture events on both sides, allow synchronous and asynchronous interactions, take care of load balancing, performance, scalability, security, and so on.

When deploying an SOA platform, it makes sense to check whether it provides adapters for the systems that we have deployed in our information system. With adapters, accessing the functionality of such systems will most likely be much simpler than without.

Service Component Architecture

So far we have seen that SOA applications are composite applications that consist of several components, such as services, BPEL processes, ESB mediation, rules, adapters, and so on. All these components have to work together and support one or more composite applications.

Service Component Architecture (SCA) defines a programming model for composite SOA applications. SCA is based on the idea of service composition (orchestration). SCA provides a model for the composition of services and for the creation of service components, including the reuse of existing applications within SCA composites.

The basic building blocks of SCA are components. Every SCA application is built from one or more components. Components can be implemented in a programming language, such as Java, C++, C, or they can be implemented as BPEL processes. SCA provides a generalized definition of a component.

Components offer their business functions for use by other components as services. Implementations may depend on services provided by other components. Such dependencies are called references. Implementations can have properties through which the business function can be influenced. The component configures the implementation by providing values for the properties and by wiring the references to services provided by other components. An SCA component is represented as follows:

Service components are assembled into applications, called composites. Composites can contain components, services, references, properties, and wiring. Composites themselves can also be used as components and can provide services. They can depend on references and expose properties.

Composites can be used within other composites. This allows a hierarchical construction of composite business applications, where high-level services are implemented by sets of lower-level services. The following example shows an SCA composite:

Composites are deployed within an SCA Domain. An SCA Domain represents an area of business functionality with the related services. The SCA Domain diagram is shown in the next figure:

We will use the SCA and composites in Chapter 4, when we start to develop composite applications.

SOA governance

SOA governance is a set of related activities for exercising control over services and processes in SOA. SOA is a distributed architecture where applications consist of services and processes. The objective of SOA governance is assurance that all services and processes within an information system will adhere to the overall architecture. SOA governance has to address many different aspects, among them:

  • Services and processes must follow specific guidelines, best practices, and patterns

  • Services should not be duplicated

  • Services are reused and reusable

  • The portfolio of services is managed, including the development of new services and modifications of existing services

  • Versioning of services and processes is defined

  • Service lifecycle is defined

  • Deployment practices are defined

  • Consistency of services is monitored

  • Quality of Services is ensured

SOA governance is an essential element of a successful SOA implementation. Without governance, SOA will most likely fail to deliver its value to the stakeholders. To learn more about SOA governance, have a look at SOA Governance by Todd Biske, Packt Publishing.


Understanding BPEL

The general adoption of business process automation solutions requires a standard foundation and a specialized language for composing services into business processes that provide the ability to express business processes in a standardized way, using a commonly accepted language. BPEL is such a language and is quickly becoming the dominant standard. The main goal of BPEL is to standardize the process of automation between Web Services.


With BPEL we can define business processes that make use of services and business processes that externalize their functionality as services.

Within enterprises, BPEL is used to standardize enterprise application integration and extend the integration to previously isolated systems. Between enterprises, BPEL enables easier and more effective integration with business partners. BPEL stimulates enterprises to further define their business processes, which in turn leads to business process optimization, re-engineering, and the selection of the most appropriate processes, thus further optimizing the organization. Definitions of business processes described in BPEL do not influence existing systems. BPEL is the key technology in environments where functionalities already are, or will be, exposed via Web Services. With increases in the use of web service technology, the importance of BPEL will rise further.

IBM, BEA, and Microsoft developed the first version of BPEL in August 2002. Since then SAP and Siebel have joined in, which has resulted in several modifications and improvements and the adoption of version 1.1 in March 2003. In April 2003, BPEL was submitted to OASIS (Organization for the Advancement of Structured Information Standards) for standardization purposes, where the WSBPEL TC (Web Services Business Process Execution Language Technical Committee) has been formed. Many vendors have joined the WSBPEL TC ( since. This has led to even broader acceptance in industry. In April 2007, BPEL version 2.0 was approved by OASIS after quite a long preparation period.

BPEL represents a convergence of two early workflow languages WSFL (Web Services Flow Language) and XLANG. WSFL was designed by IBM and is based on the concept of directed graphs. XLANG was designed by Microsoft and is a block-structured language. BPEL combines both approaches and provides a rich vocabulary for the description of business processes.


In this book, we will use BPEL version 2.0.

BPEL uses an XML-based vocabulary to specify and describe business processes. BPEL version 2.0 utilizes the WSDL 1.1, XML Schema 1.0, XPath 1.0, and XSLT 1.0 specifications. Familiarity with them is helpful for learning BPEL.

BPEL features

With BPEL we can define simple and complex business processes. To a certain extent, BPEL is similar to traditional programming languages. It offers constructs, such as loops, branches, variables, assignments, and so on that allow us to define business processes in an algorithmic way. BPEL is a specialized language focused on the definition of business processes. It is an execution language for business processes, not a modeling language. Therefore, on one hand it offers constructs, which make the definition of processes relatively simple and on the other hand, it is less complex than traditional programming languages, which simplifies learning.

The most important BPEL constructs are related to the invocation of services. BPEL makes it easy to invoke operations of services either synchronously or asynchronously. We can invoke operations either in sequence or in parallel. We can also wait for callbacks. BPEL provides a rich vocabulary for fault handling, which is very important, as robust business processes need to react to failures in a smart way. BPEL also provides support for long-running process and compensation, which allows undoing partial work done by a process that has not finished successfully. Listed below are the most important features that BPEL provides. With BPEL we can:

  • Describe the logic of business processes through composition of services

  • Compose larger business processes out of smaller processes and services

  • Handle synchronous and asynchronous (often long-running) operation invocations on services, and manage callbacks that occur at later times

  • Invoke service operations in sequence or parallel

  • Selectively compensate completed activities in case of failures

  • Maintain multiple long-running transactional activities, which are also interruptible

  • Resume interrupted or failed activities to minimize work to be redone

  • Route incoming messages to the appropriate processes and activities

  • Correlate requests within and across business processes

  • Schedule activities based on the execution time and define their order of execution

  • Execute activities in parallel and define how parallel flows merge based on synchronization conditions

  • Structure business processes into several scopes

  • Handle message-related and time-related events

Orchestration and choreography

Depending on the requirements, the composition of services can address private or public processes, for which the following two terms are used:

  • Orchestration

  • Choreography

In orchestration, a central process takes control over the involved services and coordinates the execution of different operations on the services involved in the operation. This is done as per the requirements of the orchestration. The involved services do not know (and do not need to know) that they are involved in a composition and that they are a part of a higher business process. Only the central coordinator of the orchestration knows this, so the orchestration is centralized with explicit definitions of operations and the order of invocation of services. Orchestration is usually used in private business processes and is schematically shown as follows:

Choreography, on the other hand, does not rely on a central coordinator. Rather, each service involved in the choreography knows exactly when to execute its operations and whom to interact with. Choreography is a collaborative effort focused on the exchange of messages in public business processes. All participants of the choreography need to be aware of the business process, operations to execute, messages to exchange, and the timing of message exchanges. Choreography in services composition is as shown in the following figure:

From the perspective of composing services to execute business processes, orchestration has an advantage over choreography. Orchestration is a more flexible paradigm, although the line between orchestration and choreography is vanishing. Orchestration has the following advantages:

  • We know exactly who is responsible for the execution of the whole business process

  • We can incorporate services, even those that are not aware that they are a part of a business process

  • We can also provide alternative scenarios when faults occur

BPEL provides support for orchestration and choreography through executable and abstract business processes.

Executable and abstract processes

With BPEL, we can describe business processes in two distinct ways:

  • We can specify the exact details of business processes. Such processes are called executable business processes and follow the orchestration paradigm. They can be executed by an orchestration engine.

  • We can specify the public message exchange between parties only. Such processes are called abstract business processes. They do not include the internal details of process flows and are not executable. They follow the choreography paradigm.

Executable business processes are processes that comprise a set of existing services and specify the exact algorithm of activities and input and output messages. Such processes are executable by BPEL engines. Executable processes are important because they are the direct answer to the problem of business process automation through IT that we have discussed earlier in this chapter. With BPEL executable processes, we are able to specify the exact algorithm of service composition in a relatively simple and straightforward way, and execute it on a BPEL-compliant engine. Executable processes fill the gap between the business process specifications and the code responsible for their execution.

When we define an executable business process in BPEL, we actually define a new web service that is a composition of existing services. The interface of the new BPEL composite web service uses a set of port types, through which it provides operations like any other web service. To invoke an executable business process, we have to invoke the resulting composite web service. You can see that executable business processes are the most important way of using BPEL. In the majority of cases, BPEL is used to specify executable processes.

Abstract business processes, on the other hand, are not executable. They specify public message exchange between parties only the externally observable aspects of process behavior. The description of the externally observable behavior of a business process may be related to a single service, or a set of services. It might also describe the behavior of a participant in a business process. Abstract processes will usually be defined for two scenarios:

  • To describe the behavior of a service without knowing exactly in which business process it will take part

  • To define collaboration protocols among multiple parties and precisely describe the external behavior of each party

Abstract processes are rarely used. The most common scenario is to use them as a template to define executable processes. Abstract processes can be used to replace sets of rules usually expressed in natural language, which are often ambiguous. In this book, we will first focus on executable processes and come back to abstract processes in Chapter 3.


Relation of BPEL to other languages

BPEL is not the only language for business process execution. Before we start discussing the technical aspects of BPEL, let us overview the relation of BPEL to other languages. Recently, several orchestration and choreography languages have been proposed. The most important orchestration languages include:

  • XLANG and the new version XLANG/s from Microsoft

  • WSFL (Web Services Flow Language) from IBM

  • BPML (Business Process Modeling Language) from, the Business Process Management Initiative

  • BPSS (Business Process Specification Schema), part of the ebXML framework

  • YAWL (Yet Another Workflow Language), an open source workflow language

The most important choreography languages include:

  • WSCL (Web Services Conversation Language) from HP, submitted to W3C

  • WSCI (Web Services Choreography Interface), co-developed by Sun, SAP, BEA, and Intalio and submitted to W3C

  • WS-CDL (Web Services Choreography Description Language), at the time of writing a W3C Candidate Recommendation

In addition to orchestration and choreography languages, which have primarily been designed to provide machine executable representations of business processes, we also have to mention the business process modeling notations. These are used to define business process models and are essential for BPM (Business Process Management). The most popular and well-known is the BPMN (Business Process Modeling Notation). BPMN is becoming an important part of SOA.

The following figure shows a timeline of the mentioned languages, as they have been developed:

We have already mentioned that BPEL represents a convergence of XLANG and WSFL and it shares and further develops the concepts of those languages. In the following sections we will briefly describe these languages.


XLANG has been one of the early orchestration languages. It has been developed with the objective of achieving clear separation between processes and implementations. It is a Microsoft proprietary language and not fully documented. It has been used in Microsoft BizTalk. XLANG and its successor XLANG/s can be viewed as messaging languages with some of the expression capabilities of C#. However, code is not portable between XLANG/s and C#.

XLANG/s specifies high-level constructs that are used to define and execute business processes. The semantics embodied in XLANG/s are a reflection of those defined in BPEL. Although XLANG is thought of as a predecessor of BPEL, Microsoft continues to use XLANG/s in their BizTalk Server. Instead of moving to BPEL in BizTalk, Microsoft provides a conversion between XLANG/s and BPEL.


WSFL is also one of the early XML-based orchestration languages. It has been developed by IBM to be a part of the Web Services technology stack. WSFL supports two types of service compositions. First is the flow model, which specifies the exact interactions between services (a process). Such a flow model is executable. The second type is the global model, which specifies the overall interaction of services and is abstract. This is very similar to BPEL-executable and abstract processes.

As we have already mentioned, WSFL has, together with XLANG, provided a basis for BPEL. Unlike Microsoft, IBM has moved to BPEL as their main language for service composition and provides full support for BPEL in their various products, such as in IBM WebSphere Process Server.


BPML has been developed by (Business Process Management Initiative). Intalio has played an important role, and has been the initiator of BPML. BPML is a meta-language for modeling business processes and provides an abstract execution model for describing collaborations and transactions. It defines a formal model for expressing abstract and executable processes, and supports:

  • Data management

  • Conformity

  • Exception handling

  • Operation semantics

BPML can describe a process in a specific language, defined on top of the extensible BPML scheme. Business processes are defined as groups of flows (control flows, data flows, and event flows). Formatting features, security rules, and transactional contexts can also be defined. BPML offers support for synchronous and asynchronous distributed transactions and can be used for the process components of existing applications.

Comparing BPML to BPEL shows that both share similar roots in Web Services and leverage other Web Services specifications, particularly WS-Security, WS-Coordination, and WS-Transactions. BPML, however, supports modeling more complex business processes through its support for advanced semantics such as nested processes and complex compensated transactions. BPML can therefore be regarded as a superset of BPEL. The extensions of BPEL with business rules, task management, human interactions, and so on are defined in BPXL (Business Process eXtension Layers).

The fact that both BPEL and BPML share the same idioms and have similar syntax has resulted in BPML being discontinued in favor of BPEL. BPEL has over the years gained much broader support by software vendors than BPML.


Electronic Business using eXtensible Markup Language (ebXML) is a framework that provides a set of technologies, BPSS being one of them. ebXML has been developed under the initiative of OASIS and UN/CEFACT and consists of the following technologies:

  • Messaging: Uses SOAP with attachments for communication between partners.

  • Registry and repository: Similar to UDDI registry, but offers additional functionality through the repository.

  • Core components: Used for construction of business documents.

  • CPP (Collaboration Protocol Profile): Used to express a partner profile.

  • CPA (Collaboration Protocol Agreement): Used to express an agreement between partners.

  • BPSS: Used for the specification of business processes.

BPSS covers the same domain as BPEL. The BPSS approach to process specification follows the choreography pattern and is therefore comparable to abstract BPEL processes. In addition to specifying the process logic, BPSS also specifies the communication protocol details.

BPSS is designed around the concept of business transactions, which is, however, not fully conformant with the Web Services Transactions specifications. A BPSS business transaction is used to describe the message exchange between two abstract roles the sender and the responder. Each message consists of an XML document and optional attachments, which can be XML or binary. For each responding message, we specify whether it is a positive or negative message. Each message is associated with a business transaction protocol. Collaboration in BPSS can be bilateral or multi-party and is described by the business transaction protocol.

We can see that BPSS is not a direct alternative to BPEL and is used in environments where ebXML is applied. For more information on ebXML, refer to the following books:

  • ebXML: Concepts and Application by Brian Gibb and Suresh Damodaran, John Wiley & Sons

  • ebXML: The New Global Standard for Doing Business over the Internet by Alan Kotok and David RR Webber, SAMS

  • ebXML Simplified: A Guide to the New Standard for Global E‑Commerce by Eric Chiu, John Wiley & Sons


YAWL has been developed by Eindhoven University of Technology and Queensland University of Technology. Subsequently, several companies have contributed to the language. The objective of YAWL has been to develop a language that would support workflow patterns with a formal specification. YAWL is based on Petri nets. The formal semantics of YAWL enables the static analysis of the language, which is supported by a tool. The language itself is supported by software that is developed as open source under an LGPL. It includes the execution engine, graphical editor, and an application for human tasks.

Similar to BPEL, YAWL is an executable language for processes (workflows). The main advantage of YAWL is its support for workflow patterns. The major difference is how both languages have been developed. BPEL has been driven by a standardization committee under OASIS and has gained large industry support. Today, most major vendors provide support for BPEL. YAWL on the other hand, has only one implementation. More on YAWL can be found on


WSCL has been developed by HP. In contrast to previously mentioned languages, WSCL has focused on the choreography aspect rather than on the orchestration. It has been designed to describe business-level conversations or public processes, supported by corresponding services. WSCL specifies the XML documents being exchanged, and the allowed sequencing of these document exchanges. WSCL is not a direct alternative to BPEL, as it does not support executable process orchestrations, as BPEL does. It is somehow similar to BPEL abstract processes.

HP has submitted WSCL to W3C, where it has become a W3C Note in 2002. Since then it has not gained much support from software vendors, therefore WSCL does not play an important role in SOA. The WSCL specification is accessible at


WSCI version 1.0 has been developed by Sun, BEA, SAP, and Intalio. WSCI is a choreography language for describing the flow of messages exchanged by Web Services in the context of a process. It allows us to describe the observable behavior of a web service in a message exchange. WSCI also describes the collective message exchange among interacting Web Services, providing a global and message-oriented view of a process involving multiple Web Services.

In WSCI, message exchange is described from the viewpoint of each web service. Each exchange can be qualified by message correlations, transaction descriptions, and location capabilities. WSCI therefore describes the observable behavior of Web Services. However, WSCI does not address the definition of the processes driving the message exchange. It also does not address the definition of the internal behavior of each web service.

Since WSCI follows the choreography pattern and does not address defining executable business processes, it compares directly only to BPEL abstract processes. WSCI has a cleaner interface, which makes it a little easier to learn than BPEL. The WSCI specification has also been submitted to W3C, which has published it as a W3C Note. Further, W3C has formed a WS-Choreography working group, which will address the choreography of Web Services, but has only released the requirements specification so far.

WSCI has not gained industry support comparable to BPEL. The industry consensus seems to support BPEL. The WSCI specification is accessible at


WS-CDL is a language for specifying the choreography of collaborating services. It targets the composition of interoperable collaborations between services. With WS-CDL we can specify the peer-to-peer collaboration of Web Services through the definition of their observable behavior. We can define sets of rules that define how, and in what order, different services should act together. Such specification provides a flexible systemic view of the process.

WS-CDL is positioned as a complementary language to BPEL (and other business process languages). While BPEL focuses on the behavior specification of a specific business partner, WS-CDL focuses on the description of message interchanges between business partners. WS-CDL provides the global model needed by BPEL processes to ensure that the behavior of endpoints is consistent across all cooperating services.

A business partner can use the WS-CDL choreography specification to verify if their internal processes have their outside behavior defined in a way that will allow them to participate in choreography. WS-CDL choreography specifications can be used to generate public interfaces, for example, specified using BPEL abstract processes. WS-CDL specifications are also useful at runtime to verify the execution of message exchange between business partners.

As WS-CDL is a complementary language to BPEL we cannot make a direct comparison. However, WS-CDL differs considerably from BPEL. With WS-CDL we define the message flows exchanged by all partners, while with BPEL we focus on message flow and the behavior of a specific partner that is, on the internal behavior of a business process. The WS-CDL description of message flows is done from a general perspective, while BPEL specifies message exchange from the point of view of a specific partner. A BPEL process specifies activities that are executed. WS-CDL specifies reactive rules, which are used by all participants of a collaboration.

At the time of writing, WS-CDL has been a W3C Candidate Recommendation, dated 9 November 2005. Since then WS-CDL has not gained much industry support, as no major vendor supports it. At the time of writing, only two small vendors provided tools. The WS-CDL specification is accessible at


BPMN is a graphical notation for specifying business processes. It is the most comprehensive notation for process modeling so far. BPMN has initially been developed by BPMI. In 2005, BPMI merged with OMG (Object Management Group). The current version of BPMN is 1.2. BPMN version 2.0 is currently a work in progress.

We use BPMN to draw business process diagrams. Such diagrams present the activities and tasks of a process and their relations. The diagram uses flowchart concepts to represent the logic of business processes.

BPMN is a graphical-visual language and uses a set of graphical elements. Activities are represented as rectangles and decisions are diamonds. BPMN successfully joins the simplicity of the diagrams with the expressive power, which allows BPMN to be used for complex processes and specification of details.

To model the diagrams, BPMN defines four categories of elements:

  • Flow objects, which are activities, events, and gateways. Activities can be tasks or subprocesses. Events can be triggers or results. Three types of events are supported start, intermediate, and end. Gateways control the divergence of sequential flows into concurrent flows and their convergence back to sequential flow.

  • Connecting objects are used to connect together flow objects. Connectors are sequence flows, message flows, and associations.

  • Swim lanes are used to organize activities into visual categories in order to illustrate different responsibilities or functional capabilities. Pools and lanes can be used for swim lanes.

  • Artifacts are used to add specific context to the business processes that are modeled. Data objects are used to show how data is produced or required by the process. Groups are used to group together similar activities or other elements. Annotations are used to add text information to the diagram. We can also define custom artifacts.

BPMN can be used to model parts of processes or whole processes. Processes can be modeled at different levels of fidelity. BPMN is equally suitable for internal (private) business processes and for public (collaborative) business-to-business processes.

The most important goals when designing BPMN have been:

  • To develop a notation that will be useful and understandable at all levels of BPM. In business process modeling, different people are involved, from business users, business analysts, process owners, to the technical architects and developers. The goal of BPMN has been to provide a graphical that, which is simple to understand, but powerful enough to model business processes into the required details.

  • The semantic gap between the business process models and the information technology (application software) has been quite large with existing technologies. There has been no clear definition of how one relates to the other. The goal of BPMN has been to enable automatic transformation into the executable code into BPEL and vice-versa. Therefore, BPMN has been designed specifically to provide such transformation.

Particularly because of the ability to automatically transform BPMN process models in executable BPEL processes, BPMN today plays an important role in SOA development. Modeling of a business process using BPMN is usually the first step. After the model is complete, such a process is transformed into BPEL to be executed on a process server. Today several tools for major vendors such as Oracle and IBM provide such automatic transformation, usually in both directions, which enables round-tripping between model (BPMN) and executable process representation (BPEL).

For more information on BPMN, refer to the following:

  • Business Process Driven SOA using BPMN and BPEL by Matjaz B. Juric and Kapil Pant, Packt Publishing

  • BPMN Specification,


BPEL servers overview

BPEL servers provide a runtime environment for executing BPEL business processes. Today BPEL servers are usually part of the SOA platform, which in addition to the BPEL server includes other elements of a complete SOA environment application server, ESB, registry and repository, human tasks support, process monitoring, BRMS (Rule Engine), and adapters. Often a development environment is included and sometimes a process modeling tool is also available. Most advanced SOA platforms support the automatic translation of business models into executable BPEL processes.

Most SOA platforms have been developed on top of modern software platforms, particularly Java Enterprise Edition and Microsoft .NET. BPEL servers leverage Java Enterprise Edition or .NET application server environments, where they can make use of the services provided by application servers, such as security, transactions, scalability, integration with databases, components such as EJBs (Enterprise Java Beans) and COM+ (Component Object Model), messaging systems such as JMS (Java Message Service) or MSMQ (Microsoft Message Queue), and so on.

The most important commercial SOA platforms with BPEL servers are listed below:

Microsoft also provides an SOA platform, although Microsoft does not use the acronym SOA as often as the other suppliers. Microsoft's SOA is built around Windows Workflow Foundation, Windows Communication Foundation, and Microsoft BizTalk (process server). In contrast to most of the other vendors, Microsoft does not support BPEL natively (yet). Microsoft BizTalk, at the time of writing, still uses XLANG/s, the Microsoft proprietary orchestration language. However, it allows for the import and export of BPEL.

An important supporter of SOA is SAP. SAP Enterprise Service-Oriented Architecture (Enterprise SOA) has been defined by SAP as "an open architecture for adaptive business solutions". Enterprise SOA is enabled by the SAP NetWeaver platform. SAP has positioned Enterprise SOA to deliver the benefits offered by service-oriented architecture, including enabling both flexibility and business efficiency. Most of SAP products, such as mySAP ERP, mySAP CRM, and mySAP SRM, are built upon Enterprise SOA.

There are also a few open source implementations:

In the following chapters we will use Oracle SOA Suite platform, including JDeveloper and Oracle BPEL Process Manager. Please keep in mind however that BPEL is an open specification therefore it does not differ between the products. BPEL code is portable between different BPEL servers. This holds true as long as you are not using some vendor-specific extensions. Therefore, in the next chapters we will first look at standard BPEL. Then, we will look how to use BPEL using Oracle SOA Suite.


The future of BPEL

OASIS has been responsible for the further development of BPEL since April 2003. An OASIS technical committee, called WSBPEL TC, has been formed for the development of a new BPEL version, called WS-BPEL 2.0. The technical committee, which supervises and influences further development of BPEL, has many new members. This ensures that BPEL will be extended with new features and also ensures continuity of development. The number of participants involved in BPEL shows that industry support is large and still increasing. More information on WSBPEL TC can be found at



In this chapter, we have become familiar with BPEL, its role in the SOA, and basic concepts related to service composition and the definition of business processes. BPEL provides a rich vocabulary for defining processes and has several features not found in programming languages. This makes BPEL the preferred choice for composition of services. Major software vendors support BPEL and open source implementations exist. Based on comparison to other technologies and languages, we have seen that BPEL plays an important role in service composition.

BPEL fits very well into the SOA, and with BPEL, we can define executable business processes and abstract business processes. Executable processes are the most important and allow us to define the exact order in which services are composed.

In the next chapter, we will look at BPEL and learn how to define a BPEL process.

About the Authors

  • Matjaz B. Juric

    Matjaz B. Juric holds a PhD in computer and information science. He is a full-time professor at the University of Ljubljana and heads the Cloud Computing and SOA Competence Centre ( Matjaz is an Oracle ACE Director and has been designated Java Champion and IBM Champion. He has more than 20 years of work experience.

    He has authored and coauthored Do More with SOA Integration: Best of Packt, WS-BPEL 2.0 for SOA Composite Applications with IBM WebSphere 7, Oracle Fusion Middleware Patterns, Business Process Driven SOA using BPMN and BPEL, Business Process Execution Language for Web Services (both English and French editions), BPEL Cookbook (which was awarded the best SOA book in 2007 by SOA World Journal), SOA Approach to Integration, Professional J2EE EAI, Professional EJB, J2EE Design Patterns Applied, and Visual Basic .NET Serialization Handbook.

    He has published chapters in More Java Gems, Cambridge University Press, and in Technology Supporting Business Solutions, Nova Science Publishers, Inc. His work has also been published in several journals and magazines and presented at conferences.

    Browse publications by this author
  • Marcel Krizevnik

    Marcel Krizevnik is a researcher at the University of Maribor where he is preparing a Ph.D. in computer and information science. Marcel started his career as a software developer of chemistry information systems. Now, his main research areas are service-oriented architecture and cloud computing. He is also a member of SOA Competency Center and Cloud Computing Center. In the last three years, he has been involved in several SOA technology projects.

    Browse publications by this author

Latest Reviews

(1 reviews total)
Muito bom. Muito bom. Muito bom.
WS-BPEL 2.0 for SOA Composite Applications with Oracle SOA Suite 11g
Unlock this book and the full library for FREE
Start free trial