FAA SWIM Program
SOA Best Practices – Industry Input
March 2008
Acknowledgements
The Federal Aviation Administration has requested industry input on best practices of using
Service Oriented Architecture (SOA) for the FAA SWIM program. GEIA is a trade association
that includes many industry partners who support the FAA, and GEIA formed a working group to
prepare this whitepaper in response to the FAA request.
Thanks to the following people for contributing to this whitepaper:
Doc. Version: 7 (03/24/2008)
Editor: Steve Prescott
Contributors:
Organization
Oracle
Lockheed Martin
Computer Sciences Corp.
Boeing
Harris
IBM
Raytheon
SITA
Nortel
Participants
Steve Prescott
Mike Yeganeh
Thani Sokka
Jim Simmons
Al Secen
Vic Church
Sherry Yang
John Dockendorf
Keith Bourke
Chris Hulett
Mike Moomaw
Eric Rolfe
Ed Stevens
Kathy Kearns
Mansour Rezaei-Mazinani
Steve McAllister
About GEIA
GEIA develops and distributes forecasts of the Federal marketplace, creates best-practice industry
standards, and maintains a committee structure through which its 100-plus members work with
representatives of FAA and other Federal agencies on matters of mutual concern. In 2008, GEIA
will be merging with the Information Technology Association of America (ITAA) and assuming
the ITAA name. GEIA contact:
Dan C. Heinemeier, CAE
President
Government Electronics and Information Technology Association
2500 Wilson Boulevard, Arlington, VA 22201
www.geia.org
703-907-7565
FAA SWIM: SOA Best Practices –Industry Input (GEIA)
Table of Contents
1 Preface: Scope of Recommendations
2 FAA SWIM Objectives
2.1 Purpose and Scope
2.2 Program Objectives
2.3 Design Objectives
3 Service Oriented Architecture
3.1 SOA Framework
3.2 SOA Benefits
3.2.1 Benefits To FAA Business Operations
3.2.2 Benefits To FAA Technology Operations
4 Solution Architecture
4.1 FAA Solution Vision
4.1.1 Service Container Concept
4.2 Industry Solution Architecture
4.2.1 Capability #1: Interface Management
4.2.2 Capability #2: Messaging
4.2.3 Capability #3: Security
4.2.4 Capability #4: Enterprise Service Management
4.3 SOA Design Considerations
4.3.1 Registry
4.3.2 Enterprise Service Bus
4.3.3 Legacy Integration
4.3.4 Security
4.3.5 Orchestration
4.3.6 Infrastructure Management
5 Best Practices
5.1 SOA Maturity Model
5.2 Business Process Management
5.3 Building a Service Portfolio
5.3.1 Service Profiling
5.3.2 Service Categories
5.3.3 Service Granularity
5.4 Design Patterns
5.5 Standards-based Integrated Solutions
5.6 Federal SOA Guidelines
6 Appendices
6.1 Glossary
6.2 FAA SWIM Acronyms
Figures
Figure 1: SOA Reference Architecture
Figure 2: SOA Framework – Service Categories
Figure 3: SOA Benefits to an IT Organization
Figure 4: SWIM Federated Enterprise Architecture
Figure 5: SWIM Architecture with Core Services
Figure 6: SWIM Segment 1 Core Capabilities
Figure 7: GEIA SOA Architecture for SWIM
Figure 8: Security Standards
Figure 9: SOA Maturity Model
Figure 10: Business Process Management – Lifecycle
Figure 11: Service Categories
Figure 12: Federal SOA Guidelines
1 Preface: Scope of Recommendations
This whitepaper aims to address two large topics:
SWIM: FAA program for “System Wide Information Management”
SOA: A software industry framework called “Service Oriented Architecture”
Each of these topics is large – and still evolving – and much discussion ensued among this
paper’s authors around the appropriate scope to cover. Typical questions included:
Will this piece of the solution fall in Segment-1 or some future Segment?
Who will implement this piece: the SWIM program or the Implementing Programs?
Will SWIM be a single enterprise-wide SOA solution or a federated model?
Does this contradict established practice among organizations supporting FAA?
Which SOA benefits will the FAA use: just system-interfaces or others such as
Business Process Modeling, Workflow Orchestration, and Business Activity
Monitoring?
These are good questions, and the answers are often still evolving along with SWIM and SOA.
Consequently, this whitepaper takes the following two steps to address this ambiguity:
Broad “Best Practices”
Because the FAA seeks industry input on SOA Best Practices, artificially limiting the
recommendations in time (Segment-1 vs. Segment-2) or by implementer (SWIM vs.
SIP) would under-serve that request. SWIM, the SIPs, and the eventual NextGen
program have long planning horizons (20+ years), and SOA will benefit many elements
of this overall NAS community over this planning horizon. Consequently, this paper
initially takes a very broad scope of describing SOA best practices for the full NAS
community, not necessarily just for the SWIM program or just for Segment-1.
“Closer Look” Marginal Indicators
At the same time, we recognize that the questions above are sensitive topics. SWIM
does not want to threaten existing programs with a major re-engineering of the NAS,
and many of the SIPs have strong feelings about what capabilities are in-scope for their
individual programs vs. in-scope for a SWIM “overlay” capability. To address this
sensitivity throughout the paper, certain sections will include a marginal note indicating
that this particular section requires further analysis regarding the proper place and way
for the NAS community to implement the recommendations. Here is an example:
A Closer Look:
This topic merits additional discussion among FAA stakeholders regarding the
proper time and place to incorporate these ideas into the overall FAA
modernization vision – as indicated in the whitepaper’s Preface.
2 FAA SWIM Objectives
2.1 Purpose and Scope
Over the next ten to fifteen years, air traffic in the United States (and the world) will change
radically. There will be more traffic, perhaps three times as much. The resources of the
National Airspace System (NAS) will not expand to keep pace, so greater efficiency in using
the NAS will be required. There will be changes in flight patterns and strategies, such as
reliance on regional airports and both larger and smaller aircraft. There will be changes in air
navigation, communications, and integrated planning, involving both government and industry.
In the face of these changes, the FAA needs to modernize and expand its capabilities to
maintain the safety and efficiency of US aviation.
Neither the volume of airspace nor the number of runways can grow as fast as air traffic. The
operational and technological changes needed to increase NAS capacity constitute the Next
Generation Air Transport System, or NextGen. The changes will include more detailed and
rigorous flight planning, more autonomous flight operations, and new roles for air traffic
controllers (such as management by exception). NextGen will require improved common
situational awareness, integration of air traffic management and control, consistent use of
weather data and forecasts for flight planning, and better coordination of responses to adverse
conditions. All of this requires that FAA systems become more integrated with each other and
with other air traffic stakeholders.
The US Government is planning for change through the Joint Program Development Office
(JPDO), which oversees the evolution of NextGen concepts. The FAA is a key participant in
the JPDO, which also includes Defense, Commerce, and Homeland Security. NextGen
operational improvements depend on enhanced information exchanges and integration of FAA
systems.
Historically, FAA systems have been built to solve specific problems. Information sharing has
occurred through negotiation of point-to-point interfaces between pairs of systems. Once
defined, each interface is expensive and time-consuming to change. System evolution is
constrained by the number of tightly coupled interfaces and varied modernization schedules.
To streamline the evolution and modernization process, the FAA has developed the System
Wide Information Management (SWIM) concept to support loosely coupled, many-to-many
data exchange interfaces. When implemented, SWIM will allow information producers and
consumers to exchange data in a secure, robust, standards-based, loosely coupled environment.
The FAA has established a Program Office to perform the engineering and acquisition of the
SWIM environment. One of the critical early decisions was to use a service-oriented
architecture (SOA) model for the environment. SWIM will be deployed in Segments (stages),
with the first segment planned for the 2008-2012 timeframe. A second early decision was that
Segment 1 would be implemented by existing NAS programs (starting with ERAM) following
standards and guidance defined by the SWIM PO.
This SOA Best Practices report will assist the Program Office to construct that guidance. It
will identify industry best practices based on SOA programs in other contexts (government and
commercial), and describe them in terms of application to SWIM goals. The remainder of this
section discusses SWIM Program goals, design objectives, and high-level use cases for SWIM.
Section 2 will address the benefits expected from SWIM use of the SOA model.
The general goals of SWIM, shared by many FAA initiatives, are to improve the efficiency and
usability of the NAS and to deliver enhanced value to stakeholders (NAS users, the public at
large, FAA organizations and employees). The specific goals include improved sharing of
information (leading to better decision-making and operational effectiveness), improved
systems integration (reducing functional redundancy and improving information quality), and
greater flexibility to accommodate the system and operational changes required for NextGen.
To achieve these goals, specific objectives are defined.
2.2 Program Objectives
The SWIM Program Office (SPO) has established a two-layer framework for defining and
describing program objectives. One layer is the end-user data exchange set; the other is the
implementing technology. The former set is defined by NAS system communities of interest
(COIs); the latter by the SPO system engineering and architecture team (with input from
SWIM Implementing Programs or SIPs).
COI-defined Services. The primary program objective is
to implement COI-defined data exchange services using
SWIM as the exchange framework. Nine services (or
service families) were identified for segment 1 by the COIs
as feasible and desirable using current modernization
programs. New sets of services will be defined (using the
COI process) for subsequent segments. All of the segment
1 services represent existing or planned interfaces among
NAS systems and airspace users. The objective is to use
SWIM in the implementation or modernization of the
planned interfaces.
Segment 1 envisions providing nine core services for three Communities of Interest:
Flight & Flow, Aeronautical Information, and Weather.
To clarify: there is a Flight and Flow COI (focused on flight operations and traffic flow
management); this COI defined a Flight Data Publication Service (FDPS) as one of the nine
Segment 1 capabilities. The data exchanges identified in the FDPS reflect publication of the
Flight Object concept developed by the Enroute Automation Modernization (ERAM) program.
ERAM will publish the flight objects to a variety of integrating systems; the SPO goal is to use
SWIM as the implementation framework. SWIM does not require new interfaces; it provides
the mechanism for development that is already required.
The Segment 1 business services are defined in the SWIM Final Program Requirements (FPR):
Segment 1 document dated May 23, 2007 (Revision 7.3). It identifies and describes the
services in the following categories:
Flight and Flow Management
o Flight Data Publication
o Terminal Data Publication
o Flow Data Publication
o Runway Visual Range (RVR) Data Publication
o Reroute Data Publication
Aeronautical Information Management
o Special Use Area (SUA) Data Publication
Weather
o Corridor Integrated Weather System (CIWS) Data Publication
o Integrated Terminal Weather Service (ITWS) Data Publication
o PIREP Data Publication
SWIM Core Capabilities. The SWIM framework, which will be implemented in Segment 1
by existing NAS programs, will be comprised of four “core capabilities”. The SPO will
provide guidance on the standards to be used and off-the-shelf software to be employed.
The SWIM FPR (noted above) specifies the following core capabilities (extracted from the
FPR document and slightly augmented here):
Interface Management includes capabilities (Service Design-Time Environment) that enable Service
Providers to expose services and Service Consumers to find services. It includes supporting capabilities
such as descriptions of the services performed (typically, in a service registry) and data exchange
requirements to assist in interface development. It also provides support for managing metadata such as
the schemas that define the format and semantics of interface data elements.
Messaging includes mechanisms (Service Run-Time Environment) supporting a variety of service
invocation styles (e.g., 1-way or 2-way message exchange patterns with request/reply or
publish/subscribe) and data exchange protocols. It enables reliable message delivery and message routing
including the structures and metadata supporting routing and policy. Messaging capabilities can include
reliable delivery allowing service consumers to receive queued messages while connected or after
reconnecting to the network. It provides Quality of Service (QoS) including priority and response time.
Security includes mechanisms (Service Design-Time and Run-Time Environments) to enforce security
policies at the service and message level including providing authorization-based access to data and
services. It ensures both Service Consumers and Service Providers can verify identities, authenticate
themselves and assert access privileges via authorization; and ensures confidentiality of information
exchanged while invoking and consuming services. It also protects information integrity, that is, guards
against unauthorized modification of data and services. SWIM security is focused on application-level
interfaces and messages consistent with enterprise SOA principles.
Enterprise Service Management (Service Design-Time and Run-Time Environments) includes
Governance and Monitoring. Governance manages services across all service lifecycle phases based on
conformance to SWIM Policies and Guidelines in Service Design-Time. Monitoring is how NAS system
ensures the key requirements are met including the ability to capture, view, and report on service
performance and usage. QoS and other performance metrics are defined and measured consistent with
system and service requirements and address items such as throughput, reliability, availability, latency,
response time, and fault data (e.g., for isolation and repair).
A secondary program objective is to have implementing programs use consistent,
interoperable, off-the-shelf components in the deployment of COI services. (Off-the-shelf
specifically includes both COTS and open-source software.) Different NAS programs use
different system platforms (hardware and software), so it is not possible to specify any single
“one size fits all” core services implementation. Accordingly, this objective focuses on
interoperability, to be achieved through standards and integration tools. For example, each
SWIM implementing data producer will provide its own information assurance and security,
and its own web service and messaging capabilities. The program objective is for those core
services to be implemented consistently.
To that end, the SPO will define specific elements (e.g., required added elements in SOAP
packaging, and required XML schema standards for common options) that will apply to
various SOA mechanisms. Specific versions of standards will be defined, as well, to avoid
interoperation problems. The SPO will not, however, constrain the design choices such as
when to use web services and when to use message queues.
2.3 Design Objectives
As noted, one of the key design decisions for SWIM was to implement a SOA framework for
information sharing. SWIM is being designed as an enterprise framework for NAS systems.
As such, SWIM will require consistent approaches to service management, information
assurance, service definition, service discovery, data and meta-data schema management,
messaging patterns, and other aspects of information exchange. The SWIM design will be
documented using FAA Enterprise Architecture-specified formalisms (e.g., selected DODAF
artifacts).
For core services, the SWIM design will provide a detailed plan to assure enterprise-level
consistency. The design goals include:
Maximizing the use of COTS and open source software (minimizing the supported
code base, minimizing maintenance costs)
Using well-established standards (e.g., not all of the WS-* standards are sufficiently
mature to support robust operations)
Separating design-time and run-time capabilities (where appropriate) to permit
incremental implementation of SWIM-based applications
Meeting NAS requirements for performance, reliability, maintainability, security, and
so on
Reducing barriers to information sharing
For COI-defined services (that is, specific applications to provide services using SWIM), the
primary goal is long-term interoperability. That is, the framework design for application
development is intended to permit flexibility in Segment 1 while encouraging consistency of
architecture in the future.
3 Service Oriented Architecture
3.1 SOA Framework
A Closer Look:
This topic merits additional discussion among FAA stakeholders regarding the
proper time and place to incorporate these ideas into the overall FAA
modernization vision – as indicated in the whitepaper’s Preface.
SOA provides a holistic mechanism to align the business and IT organizations:
SOA encompasses the tools and methodologies for capturing business design, and uses that design
information to help improve the business.
SOA covers the programming model, tools, and techniques for implementing the business design in
information systems.
SOA contains the middleware infrastructure for hosting that implementation.
SOA encompasses the management of that implementation to ensure availability to the business and
efficient use of resources in the execution of that implementation.
SOA encompasses the establishment of who has authority and the processes that are used to control
changes in the business design and its implementation.
And ultimately, SOA accelerates the time-to-value for these benefits.
While point-solutions exist in the commercial and open-source communities to fulfill a subset of
these capabilities, basing SWIM on such a collection of disconnected elements would impose
undue cost and risk on the FAA. Instead, the FAA will benefit from basing SWIM on a SOA
framework that provides a comprehensive architecture and set of offerings, technologies, and
practices that address all of the above points – as illustrated in Figure 1.
Figure 1: SOA Reference Architecture
Two bundles comprise this framework: inner services and outer services:
Inner Services are used by applications within the runtime environment
Outer Services are supporting components used in support of the core services
Figure 2 provides brief descriptions of service types in these two categories.
Categories: Inner Services, Outer Services
Service Type: Description
Interaction Services: Provide the capabilities required to deliver IT functions and data to users, meeting their specific preferences.
Process Services: Provide the control capabilities required to manage the flow and interactions of multiple services in ways that implement business processes.
Information Services: Provide the capabilities necessary to federate, replicate and transform disparate data sources.
Partner Services: Provide the document, protocol, and partner management capabilities for business processes that involve interactions with outside partners and suppliers.
Business Application Services: Are called by service consumers. Service consumers include other components in the logical architecture such as a portal or business processes.
Access Services: Provide bridging capabilities between core applications, prepackaged applications, enterprise data stores and the ESB to incorporate services that are delivered through existing applications into an SOA.
Enterprise Service Bus: Provides an infrastructure that removes the direct connection dependency between service consumers and providers.
Business Innovation and Optimization Services: Are primarily used to represent the tools and the metadata structures for encoding and simulating the business design, including the business policies and objectives. Business innovation and optimization services exist in the architecture to help capture, encode, analyze and iteratively refine the business design.
Development Services: Encompass the entire suite of architecture tools, development tools, visual composition tools, assembly tools, methodologies, debugging aids, instrumentation tools, asset repositories, discovery agents, and publishing mechanisms needed to construct an SOA based application.
IT Service Management: Represents the set of management tools used to monitor an organization’s service flows, the health of the underlying system, the utilization of resources, the identification of outages and bottlenecks, the attainment of service goals, the enforcement of administrative policies, and recovery from failures.
Infrastructure Services: Form the core of the information technology runtime environment used for hosting SOA applications. These services provide the ability to optimize throughput, availability, performance and management.
Figure 2: SOA Framework – Service Categories
3.2 SOA Benefits
SOA benefits two stakeholder groups: FAA business operations and IT. Below are
descriptions of the benefits to each of these groups.
3.2.1 Benefits To FAA Business Operations
The National Airspace System is tied together by data exchanges among mission systems. The
exchange mechanisms are highly resistant to change, as they interlock components and limit
flexibility. NAS systems are effective at maintaining the safety of US aviation, but not
efficient in use of resources. Too often, data exists in one system and is needed in another—
and there is no simple way to share it. As air traffic gets busier and more complex, the lack of
efficiency becomes an acute problem. There are improvements planned, prototyped,
demonstrated, but not implemented because the cost of change is so high and the pace of
change is so slow. SWIM will enable flexibility and agility, and support the essential data
sharing for the NAS of the future.
The FPR defines the mission shortfalls and the benefits that SWIM is expected to provide,
addressing those shortfalls using a SOA enterprise framework.
1. Costs to develop, test, deploy and support new interfaces and applications are too high. Costs of
developing and maintaining custom point-to-point interfaces limits connectivity. SWIM enables:
Reusable, loosely coupled interfaces versus many point-to-point interfaces
Reduced time and complexity for building new applications and interfacing existing applications
Common shared services for information management replacing costly redundancies
The process for defining and implementing new data interfaces is cumbersome and error prone.
Each interface is designed to solve a specific problem, and this leads to mismatches for any
other problem. The interface has too much, or too little, or the timing (data frequency) is
wrong, or the interface uses proprietary coding. Interfaces may be optimized and tuned for a
particular exchange (sometimes down to the bit level for performance reasons). Any other use
of a point-to-point interface must either deal with the unique features or negotiate a
generalization. The threshold for a new application to be implemented is high: either accept
suboptimal data interchanges, or create new ones.
The SOA approach offers tools and patterns for more generalized interfaces. A service-oriented
structure may cost more to create, but is much easier to reuse than custom interfaces.
The interchange framework (e.g., web services, messaging, flexible formats built with XML)
simplifies the interchange design and allows broader sharing of data.
2. The NAS is not an agile air traffic system. The NAS is difficult to dynamically adapt to special events,
disruptions and changing NAS user business models. SWIM facilitates:
Greater independence of geographical facilities and operations
Easier and quicker system failure recovery
Special events planning and implementation
Automation and platform convergence consistent with the NAS Enterprise Architecture
SOA systems are inherently loosely coupled, and services provide separation of capability
definition from its implementation. By generalizing the data sharing, SWIM will support rapid
development and deployment of tools using the available data.
3. Data sharing in the NAS is labor-intensive. Agility requires rapid, widespread and cost-effective
dissemination of information. The current NAS infrastructure makes this cost prohibitive.
SWIM provides the conduit so that shared data can be published once and distributed electronically.
Because of the finely tuned, optimized nature of NAS interfaces (for instance, why send
metadata when the sender and receiver both know the precise nature of the data?), data products
require extensive preparation and management. A case in point is the “adaptation data”
describing the physical and logical elements of the NAS (fixes, airports, etc.). The data is
provided by many sources and updated periodically. Every change requires elaborate
reconciliation and formatting, reapplication of corrections, verification, and synchronized
deployment. SWIM will use SOA mechanisms and patterns to streamline and automate the
data management and inter-program coordination.
4. Timely access to common data is lacking in the NAS. A lack of shared situational awareness limits
visibility into the current state of the NAS for NAS users and their customers.
SWIM makes published data available to all authorized users
A key goal of air traffic management is ensuring that all parties use the same information in
making decisions. The shared situational awareness will be enhanced by making data available
on demand and in common formats to all NAS users. The cost of point-to-point interfaces
reduces the sharing of information; with SOA-supported common access, SWIM facilitates
adding more subscribers to data feeds.
5. The underlying tools to support becoming a performance-based organization are currently lacking.
The information required to measure and monitor NAS performance is often not available; this limits the
ability of the FAA to meet its goal to become a performance-based organization.
SWIM provides the mechanism so that published data can be mined for appropriate metrics.
With enterprise service management and information assurance capabilities, the SWIM
infrastructure will provide the data necessary for performance optimization.
Enterprise SOA systems are flexible. The data sharing made possible through SOA
mechanisms will accelerate the modernization of NAS systems and improve the performance
of air traffic operations.
3.2.2 Benefits To FAA Technology Operations
An IT organization comprises many distinct roles, and SOA provides different benefits to each
role. Figure 3 highlights a breakdown of these SOA benefits by IT role.
IT Role: Information Systems Architect
SOA Benefits: An information systems architect will see SOA as being about two things:
- SOA describes a style of Enterprise Architecture that structures artifacts in the information
system as a set of services that can be composed to form other services.
- SOA establishes a set of principles for loose coupling, modularity, encapsulation, re-use and
composability that yields the flexibility needed to ensure the information system is able to
both keep up with the rate of change demanded in the business design and become a leading
driver of change to achieve better productivity, profitability and competitiveness.
IT Role: Systems Architect
SOA Benefits: The systems architect can gain value from SOA by exploiting the tools and
methodologies offered by SOA for automating the business design that remains valuable to the
business over time.
IT Role: Application Programmers
SOA Benefits: From the perspective of application programmers, SOA is a set of programming
models and tools for building, accessing and assembling services that implement the business
design together with a runtime that will execute those services efficiently. Programmers gain
value from SOA by being more productive in creating and re-using software that is more reliable
and robust in the face of the evolving business design.
IT Role: Operations Staff
SOA Benefits: From the perspective of the operations staff, a benefit of SOA is that it enables
them to implement IT changes incrementally, replacing complex chains of machine and software
dependencies with modularized services that can be substituted, tailored, modified, and
deployed in a granular fashion over a virtualized infrastructure. It makes the IT staff’s work
easier by dividing software capabilities into units of function. It provides tools that fit the
skills, conceptual model, and task that an individual IT worker needs to perform, rather than
requiring every IT worker to understand everything about the distributed system and its
implementation. Moreover, SOA enables the operations staff to correlate capacity requirements
and problem determination with the business processes being hosted on the system. From this,
the operations staff can prioritize their activities to address the issues with more relevance
and impact to the business.
Figure 3: SOA Benefits to an IT Organization
4 Solution Architecture
This section discusses overall SOA-based solution architecture for SWIM. To show alignment
between the FAA’s existing vision for SWIM and this new industry input, the discussion first
provides a foundational recap of the FAA vision. From there the discussion outlines GEIA’s
recommendation for an overall SOA-based SWIM Architecture. Finally the discussion
provides specific design recommendations on a variety of SOA elements for SWIM.
4.1 FAA Solution Vision
The FAA is currently in the early stages of Segment 1 for SWIM. In August 2007 the FAA
produced a slide deck titled SWIM Segment 1 Program Overview. 1 To establish an FAA
foundation for the upcoming GEIA recommendations, the following brief discussion recaps
three levels of detail from the FAA slides:
Level 1: Segment 1 Overview (“enterprise”)
Level 2: SWIM Architecture with Core Services
Level 3: Core Services of Segment 1
Figure 4 provides a high-level illustration of the Segment 1 overview –i.e., the enterprise wide
integration of FAA systems using SWIM.
[Figure 4 diagram labels: FAA Systems; SWIM Compliant Non-Government System; FTI; SWIM Compliant Government System; SWIM Common Services and Standards]
Figure 4: SWIM Federated Enterprise Architecture
The next level of detail is examining the interfaces among nodes on this overview. The FAA
has established a notion called “Core Services” as a consistent capability existing at each node
to provide a uniform mechanism for communicating among nodes. Figure 5 illustrates the
FAA view of how Core Services fit into the overall SWIM architecture.
1 SWIM Segment 1 Program Overview, FAA slide presentation, August 2007
[Figure 5 diagram labels: ERAM; WMSCR; ATCSCC; ARTCCs/NNCC; SAMS CP; TFMS; TFM TPC/DRC at WJHTC/VNTSC; SWIM FTI IP Network; SWIM Registry Server; NAS Boundary Protection; SWIM Test Facility and Lab; WJHTC; Terminal Facilities (Selected TRACONs & ATCTs): EFSTS, ASDE-X, FDIO, TDLS, RVR; Other LAN and WAN connectivity for these systems; To Non-NAS systems. Legend: CS = SWIM GFE software; SA = Service Adapter; LAN Cabling, Switches.]
Figure 5: SWIM Architecture with Core Services
Finally, the above diagram raises the question of what specific capabilities comprise these Core
Services. The FAA has provided a vision for that too –reproduced in Figure 6.
[Figure 6 diagram labels, in extraction order: Interface Management; Interface Specification; Interface Discovery; Schema Management; Directory Services; Policy Management; Enterprise Service Management; Service Monitoring; Service Configuration; System Monitoring; Security; Authentication; Authorization; Audit; Key; Messaging; Reliable Messaging; Publish - Subscribe; SWIM Segment 1; NAS Systems]
Figure 6: SWIM Segment 1 Core Capabilities
4.1.1 Service Container Concept
A Closer Look:
This topic merits additional discussion among FAA stakeholders regarding the
proper time and place to incorporate these ideas into the overall FAA
modernization vision – as indicated in the whitepaper’s Preface.
The FAA’s vision for Segment 1 of SWIM includes the concept of a “Service Container” (SC)
that provides certain SOA capabilities and will be distributed in nature –located at each of the
SWIM Implementing Programs (SIPs).
This raises several of the “boundary” questions mentioned in this whitepaper’s Preface:
Which SOA elements will reside inside the Service Container?
Which SOA elements will reside in the SIPs but outside their Service Containers?
Which SOA elements will the FAA provide centrally?
Which SOA elements will the FAA provide in a federated fashion –by the SIPs?
Answers to these questions may change over time as the FAA gains experience from “early
adopters” of SWIM services and adjusts the solution to deliver maximum value to FAA
stakeholders. In Segment 1, SWIM will not create many central resources for implementing
programs. There will not be a central ESB providing messaging, security, and similar
functions; instead –for the most part –the responsibility of implementing these core
(infrastructure) capabilities will belong to NAS programs such as ERAM and TFM-M. There
are two areas where the FAA does envision creating centralized services during Segment 1: (a)
a design-time registry to assist in common service access, and (b) test bed capabilities to
support interoperability testing.
Keeping an eye toward the future –beyond Segment 1 –is important, however. While
Segment 1 may not create a large number of centralized services, it is possible that future
Segments will expand this pool of services. The Service Container plays a key role in
delivering this flexibility to FAA programs. The Service Container will act as a service
wrapper providing attachment points for security, messaging, service management, and
interface management capabilities (and possibly other SWIM services in future Segments).
The lightweight SC will not provide these capabilities, but will provide a standard mechanism
for connecting them to services.
As the SWIM architecture evolves, the SC will help pave a way to interoperability in future
FAA Segments. It is likely that the distribution of services will change over time –possibly
gravitating toward the centralized pool. The SC can help provide continuity for FAA
programs as this re-distribution of service-fulfillment occurs. Even in Segment 1, services will
need infrastructure capabilities, and during Segment 1 those services will likely be fulfilled via
existing FAA programs for services such as authentication and authorization, service
monitoring and management, message queue management, and so on. The SC will provide a
wrapper that supports a seamless transition from program-provided infrastructure to
SWIM-provided infrastructure in the future. The key is flexibility: while the SC construct does not
obligate the FAA to changing the location of services, it provides the FAA with the ability to
re-locate certain services in the future if such relocation would be beneficial.
Two points are worth noting regarding the above FAA goals and their mapping to the “SOA
Framework” outlined in section 3.1:
Centralized vs. Federated:
In many cases the SOA Framework components can be decentralized and federated to
support the Service Container concept. At the same time, decentralized, federated
components tend to add complexity and risk over centralized solutions and weight
should be given to architectures that include centralized components where possible.
Coverage of “SOA Framework” Elements:
The SOA Framework services listed earlier in Figure 2 do represent an industry best
practice –particularly for enterprise-wide SOA implementations. The decision of
which SOA Framework components are contained in the Service Container is a matter
of naming convention as long as all the SOA Framework components are included in
the overall FAA NAS solution-space.
4.2 Industry Solution Architecture
GEIA supports the FAA vision for the SWIM architecture. The FAA architecture reflects a
solid understanding of both the macro view –how to establish an enterprise-wide foundation
for modernization –and the micro view –how to link this foundation to specific applications.
Figure 7 illustrates a GEIA-endorsed high-level architecture toward which SWIM should
evolve. There are two key reasons for GEIA recommending this architecture: it adheres to the
overall SOA Framework (section 3.1) and to the FAA SWIM vision (section 4.1).
[Figure 7 diagram labels: Service Interfaces (COTS or Custom); NAS System; Security Service Agents; Web Services Management; Security Service Gateway; Business Activity Monitoring; Messaging; Enterprise Service Bus; Service Orchestration (BPEL – Industry Standard); Service Security; Service Management; Infrastructure Management Dashboard; Service Registry; Hardware; OS, DB, etc.; SOA Components; Service Levels; Metadata Repository. Elements carry the labels A through J used in the capability tables that follow.]
Figure 7: GEIA SOA Architecture for SWIM
The FAA organizes SWIM’s initial Core Services into four groups. Below is a discussion of
how the GEIA architecture illustrated above supports those FAA groupings. The four high-level
groups are below:
1. Interface Management
2. Messaging
3. Security
4. Enterprise Service Management
4.2.1 Capability #1: Interface Management
Label: A
Architectural Element: Service Registry
Description: A service registry provides a very important function in any SOA architecture –
advertising the services that are available for reuse by applications. This is particularly
useful at design time when software developers aim to reduce FAA cost and complexity by re-using
existing services rather than creating redundant services. A registry can also be useful at
runtime when an application dynamically “discovers” what services exist that meet a particular
requirement. The industry standard for SOA service registries is called UDDI (“Universal
Description, Discovery, and Integration”), and GEIA endorses the inclusion of a registry that
includes UDDI-based interfaces in SWIM for the publishing and discovery of services.
Label: B
Architectural Element: Service Interfaces
Description: FAA applications need to “plug in” to SWIM in order to achieve the FAA’s vision for
net-centric operations. GEIA encourages the FAA to consider two high-level strategies for these
interfaces: essentially, the classic “build vs. buy” options.
- On the “build” side, industry standards exist that provide a uniform mechanism for SOA
applications to exchange information. One such example is JCA (Java Connector Architecture).
JCA has the added benefit that other FAA SOA programs have adopted JCA as their standard for
application interfaces, so SWIM’s adoption of this same standard would improve interoperability
between SWIM & these other programs.
- On the “buy” side, various industry partners provide pre-built interfaces to a wide variety
of data sources and/or applications that may exist at the FAA.
Through a balance of build and buy, the FAA will be able to establish connectors to its
applications cost effectively while mitigating undue risk.
4.2.2 Capability #2: Messaging
Label: C
Architectural Element: Enterprise Service Bus
Description: An ESB is an interoperable messaging platform that facilitates the exchange of data
between target service endpoints while ensuring quality of service characteristics. While an ESB
is a standard SOA component, there are several design considerations on how best to deploy an
ESB at the FAA. Section 3.3.2 discusses those considerations.
Label: D
Architectural Element: Service Orchestration
Description: The term “orchestration” refers to a high-level coordination of the fine-grained
interactions – system interactions and human interactions – in order to achieve a higher-level
FAA business service and ultimately an end-to-end business process.
Industry has adopted an industry standard called BPEL (Business Process Execution Language) for
SOA orchestration. Based on this BPEL standard, industry solutions exist that will allow the FAA
to define orchestration patterns and monitor the actual flow of transactions through these
patterns in day-to-day operations.
By adopting BPEL-based orchestration, the FAA will reduce risk by establishing a standards-based
service orchestration platform for declaratively defining the logic that controls service
interactions.
4.2.3 Capability #3: Security
Label: E
Architectural Element: Security Service: Manager
Description: Three security capabilities are important:
1. Establishing policies for security
2. Enforcing those policies
3. Auditing compliance with those policies
It is risky to leave security up to the whims of individual development teams. They may not be
aware of current FAA security policies and therefore may (inadvertently) not enforce those
policies properly in FAA application software.
GEIA encourages the FAA to decouple security from the development of individual applications.
Deploy an infrastructure that allows the FAA to establish security policies centrally, and then
use “gateways” and “agents” (described below) to enforce those policies for the collection of
FAA applications.
Label: F
Architectural Element: Security Service: Gateway
Description: As part of establishing security policies, FAA will need to establish a federated
security model for SWIM. Many different FAA systems as well as external entities will need to
access SWIM services. It is unrealistic to believe that maintaining a single security directory
for all of these entities is feasible. As a result, the FAA will need to establish the
appropriate trust relationships with these entities and leverage standards such as WS-Trust and
SAML to allow these entities to interact with SWIM.
A security gateway is a collective solution – it provides a shared mechanism for enforcing FAA
security policies across the group of applications at a particular SWIM endpoint (facility or
cluster of servers).
The security Gateway will play a key role in helping the FAA enforce federated security
policies. The gateway will be responsible for receiving requests from external entities as well
as other FAA systems and passing the security tokens to the security service for authentication
and authorization.
Label: G
Architectural Element: Security Service: Agents
Description: A security agent is an application-specific solution – it provides a mechanism for
enforcing FAA security policies associated specifically with a particular application. It
provides finer grained enforcement than gateways but still provides the important de-coupling of
policies from application development described above in the Security Service Manager.
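The division of labour described in this table, as an added Python example (not FAA, GEIA or vendor code): a central security service holds the trust relationships and policies, a gateway authenticates federated tokens and applies the endpoint-level policy, an agent applies the per-operation policy, and every decision is audited. An HMAC-signed JSON document stands in for a signed SAML assertion, and the issuer, service, role and key names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time


def issue_assertion(issuer, key, subject, roles, ttl=300, now=None):
    """Partner side: sign a claims document (HMAC stands in for a signed SAML assertion)."""
    issued = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "sub": subject, "roles": sorted(roles),
                       "exp": issued + ttl}).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()


class SecurityServiceManager:
    """Central place where policy is established and every decision is audited."""
    def __init__(self, trusted_issuers, service_roles, operation_roles):
        self.trusted_issuers = trusted_issuers  # federation: issuer -> verification key
        self.service_roles = service_roles      # coarse policy: service -> roles
        self.operation_roles = operation_roles  # fine policy: (service, operation) -> roles
        self.audit_log = []

    def audit(self, point, subject, target, allowed, reason):
        self.audit_log.append({"point": point, "subject": subject, "target": target,
                               "allowed": allowed, "reason": reason})
        return allowed

    def authenticate(self, token, now=None):
        """Return (claims, "ok") for a valid token, else (None, reason)."""
        try:
            b64_body, b64_sig = token.split(".")
            body = base64.b64decode(b64_body, validate=True)
            sig = base64.b64decode(b64_sig, validate=True)
            claims = json.loads(body)
            key = self.trusted_issuers.get(claims["iss"])
        except (ValueError, KeyError, TypeError, AttributeError):
            return None, "malformed token"
        if key is None:
            return None, "untrusted issuer"
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig):
            return None, "bad signature"
        if claims.get("exp", 0) < (time.time() if now is None else now):
            return None, "expired"
        return claims, "ok"


class SecurityGateway:
    """Shared enforcement point for every application behind one SWIM endpoint."""
    def __init__(self, manager):
        self.manager = manager

    def admit(self, token, service, now=None):
        claims, reason = self.manager.authenticate(token, now)
        if claims is None:
            self.manager.audit("gateway", None, service, False, reason)
            return None
        permitted = set(claims.get("roles", [])) & self.manager.service_roles.get(service, set())
        reason = "ok" if permitted else "no role permitted for service"
        ok = self.manager.audit("gateway", claims.get("sub"), service, bool(permitted), reason)
        return claims if ok else None


class SecurityAgent:
    """Application-specific enforcement: finer grained, still driven by central policy."""
    def __init__(self, manager, service):
        self.manager, self.service = manager, service

    def authorize(self, claims, operation):
        needed = self.manager.operation_roles.get((self.service, operation), set())
        allowed = bool(set(claims.get("roles", [])) & needed)
        reason = "ok" if allowed else "no role permitted for operation"
        return self.manager.audit("agent", claims.get("sub"),
                                  f"{self.service}:{operation}", allowed, reason)


def demo(now=1_000_000):
    """Run constructed requests through gateway and agent; return decisions and audit trail."""
    partner_key, other_key = b"constructed-partner-key", b"constructed-other-key"
    manager = SecurityServiceManager(
        trusted_issuers={"airline-sts": partner_key},  # hypothetical federation partner
        service_roles={"flight-data": {"dispatcher", "flow-manager"}},
        operation_roles={("flight-data", "read"): {"dispatcher", "flow-manager"},
                         ("flight-data", "amend"): {"flow-manager"}})
    gateway, agent = SecurityGateway(manager), SecurityAgent(manager, "flight-data")
    good = issue_assertion("airline-sts", partner_key, "alice", ["dispatcher"], now=now)
    wrong_key = issue_assertion("airline-sts", other_key, "carol", ["flow-manager"], now=now)
    unknown = issue_assertion("unlisted-sts", other_key, "bob", ["dispatcher"], now=now)
    claims = gateway.admit(good, "flight-data", now=now)
    return {
        "admitted": claims is not None,
        "read": agent.authorize(claims, "read"),
        "amend": agent.authorize(claims, "amend"),
        "wrong_key": gateway.admit(wrong_key, "flight-data", now=now) is not None,
        "unknown_issuer": gateway.admit(unknown, "flight-data", now=now) is not None,
        "expired": gateway.admit(good, "flight-data", now=now + 301) is not None,
    }, manager.audit_log
```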
4.2.4 Capability #4: Enterprise Service Management
Label: H
Architectural Element: Dashboard #1 Infrastructure Management
Description: Reliability of SWIM will be vital to the FAA. Because SWIM will enable Air Traffic
Control modernization, having a foundation that FAA applications can rely on as available,
secure, and providing high performance is crucial to the achievement of true net-centric
operations.
To provide the FAA with comprehensive governance of SWIM infrastructure, this management
dashboard should support the following elements:
Hardware: Monitoring the servers, storage, and network routers that comprise SWIM will be
crucial to FAA’s ensuring high availability of SWIM.
Operating System, Database, etc.: Monitoring the availability and patch levels of key system
software – operating systems, databases, etc. – will provide the next level of SWIM quality
assurance.
SOA Components: Monitoring the SOA elements comprising SWIM Core Services will provide the FAA
with these capabilities:
- Dynamically discover BPEL processes and the underlying services that are being orchestrated
- Perform risk- and business impact analysis
- Realize dependencies within a complex distributed SOA environment
- Provide drill down capability to trace transactions through the environment to diagnose
bottlenecks and system problems
Service Levels: Establishing SLAs may become necessary for the FAA to gain broad adoption of
SWIM, and having the proper tools to enforce these SLAs will become a vital element to help the
FAA fulfill its commitments. Modern IT dashboards exist that monitor compliance with SLA targets.
Charge Back: Having the ability to account for the usage of Web Services and allocate costs back
to the users of those Web Services would provide a means for the FAA to fairly apportion SWIM
costs.
Label: I
Architectural Element: Dashboard #1 Business Activity Monitoring
Description: In addition to the system-level monitoring listed above, SWIM will also benefit
from a second type of monitoring called “business activity monitoring”. This can provide the
FAA with a dashboard simulating a true end-user experience: reports of air traffic congestion,
alerts to in-flight safety incidents, etc. By essentially “listening” to the real-time stream of
FAA transactions flowing through SWIM – weather, surveillance, etc. – this second dashboard
capability helps the FAA rise above the infrastructure to monitor the true end-user experience.
Label: J
Architectural Element: Metadata Repository
Description: Stores “information about information” for key FAA data sets. This repository will
help provide a common understanding of data elements across applications and data stores and
assist the FAA in routing data to the right people and systems.
4.3 SOA Design Considerations
Several SOA components have robust enough capabilities that they merit an expanded
discussion around options the FAA will have in implementing these components. This section
of the document includes those expanded discussions.
4.3.1 Registry
A key component of a successful SOA implementation is a registry that includes interfaces
based on the Universal Description, Discovery and Integration (UDDI) specification. A
registry is essentially an online directory enabling service providers to advertise their offerings
and allowing service consumers to find services that match their criteria. It provides a
“white pages” listing of service providers, a “yellow pages” listing of the services offered, and
technical information needed to access a service as defined in the Web Services Description
Language (WSDL) document for that service.
Governance is another benefit of a registry, as it provides a central platform for services such
as the following:
Lifecycle management of services and resources
Ensuring quality and external and internal standards compliance
Notifying stakeholders of change
Adherence to policy
Access control to services
Tracking additional metadata on services including such things as ownership, current
users, status, plans, etc.
One important FAA consideration centers on when to use a SOA directory. Theoretically there
are two times: (1) at build-time [by programmers] and (2) at run-time [by the application in
production]. GEIA recommends that the FAA use a directory only at build-time. However,
the registry technology should be capable of being used effectively at run-time in the future,
especially for selection between multiple instances of a service that may be available in the
infrastructure. Since usage will initially be most prevalent at build-time, an important feature
would be the ability to store the actual artifacts for the service as well as the WSDL, to enable
development and testing in additional applications.
4.3.2 Enterprise Service Bus
The use of an Enterprise Service Bus (ESB) provides a much-needed intermediary layer that
facilitates data delivery, service access, service reuse, and service management of an enterprise
SOA implementation. ESB also supports intelligently directed communication and mediates
relationships among loosely coupled and decoupled business components. SOA is a
fundamental shift in the way applications are designed, developed, and integrated. It also
facilitates the development of enterprise applications as modular business services that can be
easily integrated and reused.
At the same time, it is important to acknowledge that SOA opens some unique challenges. The
FAA can address these challenges using an ESB, as described in the following points:
Reliable Messaging: Reliable transport of data continues to be a basic need for any
integration solution. While the principle of SOA calls for standards-based,
platform-independent messaging protocols, this principle does not inherently allow for reliable
delivery of data. Standards are emerging to support this capability, but they are not
always mature or widely adopted. Some standards are industry-agnostic such as WSRM. Other
standards are unique to the aviation industry such as TypeX, a SOAP- and WS-based industry
standard to be published as an IATA standard to enable reliable messaging based on IATA and
ICAO addresses. Demonstrating the compatibility of these two types of standards
(industry-agnostic & aviation), TypeX has been implemented by various integrators (e.g., SITA
and ARINC) and some users. TypeX can be used in a SOA environment and plugged into ESB, and it
makes use of WS-* security specifications for security functions.
ESB Benefits: A multi-protocol ESB can be used to support SOA messaging patterns
and utilize technologies such as JMS (and commercial implementations such as Oracle
AQ and IBM MQ Series) for guaranteed delivery and clustered topologies for
availability at the middle tier and database layers.
Service Virtualization: SOA implies a basic architectural paradigm in which any
service consumer can access a service provider from any platform (within security
constraints). This, in turn, implies that the appropriate protocol and syntactic mediation
is in place to insulate consumers and providers. Service virtualization is the primary
driver for implementing an ESB, and most other use cases are variations of it. Lack of
clean layering, or "separation of concerns", at design time introduces unnecessary
coupling between business logic and IT details. The impact of these cross-dependencies
might not be noticeable at first, but as the integration scope grows, they start to erode
the initial benefits of a SOA implementation.
ESB Benefits: The ESB architecture removes all the point-to-point dependencies by
providing an abstraction layer allowing the mediation of disparate data and protocols.
Policy Management: Access by known and unknown service consumers results in the
need for an abstracted policy management model that is capable of enforcing
authentication, authorization, and encryption in addition to more complex business-level
policies independent of the service provider implementation.
ESB Benefits: Rather than hand coding these policies into each service, the ESB allows
centralized configuration and auditing of security policies. This also provides a
separation of duties between developers and the security implementation. Key
standards include: LDAP, WS-Security, and SAML.
Management and Monitoring of Services: An increasing number of services results
in an increasingly complex environment. This environment must be monitored for
availability, performance, and any technical or business-level errors.
ESB Benefits: Service levels and quality-of-service monitoring should be managed at
the ESB layer as well, and integrated SOA Systems Management capabilities are
crucial to administer the complexity of SOA.
System Heterogeneity: Today's new applications are tomorrow's legacy, as one can
observe in common applications as well as the software used to connect them. This
proliferation of new technology is inevitable, and system landscapes must be
architected to support such change. As modern application development technologies
quickly evolve, the Model, View, Controller paradigm allows the UI layer to swap in
and out without impacting business and data logic.
ESB Benefits: The ESB provides all the services needed by today’s application
developers building rich, web-based applications on all kinds of platforms from Java
frameworks to Adobe Flash and Flex.
Abstraction of Business Logic from Technical Implementation Details: One goal of
SOA is to provide a layered approach to developing systems that insulates changes in
technology from changes in business process, and vice versa. In effect, this "separation
of concerns" must be designed into the architecture from the start.
ESB Benefits: A SOA environment with an ESB can provide this insulation between
the service consumer and provider. As technologies and end-points change, this can be
managed centrally in the ESB and changed in one place providing the agility to adapt to
changing requirements or implementation technologies.
4.3.3 Legacy Integration
Aviation Context
Like any large organization, the FAA hosts a wide range of IT applications that –individually
–effectively perform their functions but –collectively –represent complexity that slows
modernization. And yet modernization is necessary. This situation represents the classic
problem of “changing the tires on a moving car” – how can the FAA migrate to a modernized
net-centric set of applications (NextGen) in a graceful fashion that preserves continued
operations of the existing NAS systems?
Legacy integration includes communications with FAA legacy systems and those with their
business partners, airlines, airports and other Air Navigation Service Providers (ANSPs).
These communications, which relate to the exchange of operational messages such as flight plans,
weather messages, etc., are done either through AFTN (Aeronautical Fixed Telecommunication
Network) or from airlines TypeB to AFTN. ICAO – the International Civil Air Organization –
has also recommended a standard called AMHS (Aeronautical Message Handling System) that
is under deployment by ANSPs to replace AFTN. There are discussions of new messaging
recommendations in the move to XML and rich formats. In all cases gateways need to be
specified to bridge the legacy and new environments, converting both protocols and business
data formats to allow seamless interoperability. In some cases where similar functionality or
data is not available, the FAA may need to make certain trade-offs and implement
workarounds.
Solution Alternatives
Given these legacy systems, a perennial challenge for the FAA is finding a way to reduce the
effort, cost and risk involved in developing and maintaining integration among legacy
applications and “new technology” applications.
Two solution alternatives exist, and the FAA should consider both:
COTS Adapters: Just as industry has long provided COTS applications, it is now
possible to obtain COTS integration solutions between specific end-points. FAA’s
evaluation of this alternative should be identical to any other build/buy decision –
evaluate the quality, cost, and risk associated with the build- vs. buy- solutions. Some
adapters are to generic data sources (database, file transfer, Java messaging, etc.) while
others are to true end-user applications (often back-office applications like Human
Resources, Customer Relationship Management, etc.). One step in the FAA’s due
diligence should be to evaluate whether the use of any COTS adapters could reduce
the cost and risk associated with legacy integration.
Development Standards: If a COTS adapter does not exist for a particular FAA
application, the other alternative is developing a SOA-based adapter using standards
like JCA to provide real-time, bi-directional, and comprehensive connectivity.
Adapters are usually metadata-driven and integrate with one or more recommended
backend application programming interfaces (APIs). They translate the data from
backend specific data format to a standard data representation like XML. This enables
reuse of existing assets by exposing them as Services that can be integrated with new
applications providing the “last mile of integration”. Exposing the underlying
backend applications as Services and expressing them as WSDLs via an ESB makes them
available to SOA clients across the network. Some of the key standards include: Web
Service Definition Language (WSDL), Web Service Invocation Framework (WSIF),
Java Connector Architecture (JCA) and XML. The importance of standards in these
essential areas should not be underestimated, as they prevent vendor lock-in.
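An added Python example of the metadata-driven, bi-directional adapter pattern described above (not FAA or vendor code): one field table drives slicing, validation and XML generation in both directions, so malformed legacy records and unexpected XML are rejected at the gateway. The fixed-width record layout, field names and sample record are constructed for illustration and are not AFTN, TypeB or JCA formats.

```python
import re
import xml.etree.ElementTree as ET

# Adapter metadata (constructed layout): (field, start column, width, validation pattern).
# Fields are contiguous and listed in record order.
FLIGHT_RECORD_SPEC = [
    ("callsign", 0, 7, r"[A-Z0-9]{2,7}"),
    ("departure", 7, 4, r"[A-Z]{4}"),
    ("destination", 11, 4, r"[A-Z]{4}"),
    ("etd", 15, 4, r"([01][0-9]|2[0-3])[0-5][0-9]"),
    ("remarks", 19, 20, r"[ -~]{0,20}"),   # printable ASCII only, no control characters
]

# Constructed sample record; the remarks field deliberately contains XML metacharacters.
SAMPLE_RECORD = "TST123 " + "KDCA" + "KJFK" + "1430" + "<TEST> & CO".ljust(20)


class AdapterError(ValueError):
    """Raised when a record or document does not match the adapter metadata."""


def record_length(spec):
    return max(start + width for _, start, width, _ in spec)


def legacy_to_xml(record, spec=FLIGHT_RECORD_SPEC, root_tag="FlightRecord"):
    """Legacy -> XML: slice by metadata, validate each field, let the XML library escape."""
    if len(record) != record_length(spec):
        raise AdapterError(f"expected {record_length(spec)} characters, got {len(record)}")
    root = ET.Element(root_tag)
    for name, start, width, pattern in spec:
        value = record[start:start + width].rstrip(" ")   # drop fixed-width padding
        if not re.fullmatch(pattern, value):
            raise AdapterError(f"field {name!r} failed validation")
        ET.SubElement(root, name).text = value            # escaping happens on serialization
    return ET.tostring(root, encoding="unicode")


def xml_to_legacy(xml_text, spec=FLIGHT_RECORD_SPEC, root_tag="FlightRecord"):
    """XML -> legacy: same metadata, same validation, then pad to fixed width."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise AdapterError(f"not well-formed XML: {exc}") from None
    if root.tag != root_tag:
        raise AdapterError(f"unexpected root element {root.tag!r}")
    unknown = {child.tag for child in root} - {name for name, *_ in spec}
    if unknown:
        raise AdapterError(f"unexpected elements: {sorted(unknown)}")
    fields = []
    for name, _, width, pattern in spec:
        value = root.findtext(name)
        if value is None or len(value) > width or not re.fullmatch(pattern, value):
            raise AdapterError(f"field {name!r} missing or invalid")
        fields.append(value.ljust(width))
    return "".join(fields)
```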
4.3.4 Security
Because of its loosely coupled connections and its use of open access (via Hypertext Transfer
Protocol [HTTP]), SOA adds a new set of requirements to the security landscape. Below are
descriptions of security standards that the FAA should consider and best practices regarding
the online enforcement of security policies.
4.3.4.1 Security Standards
Many organizations rely on the Secure Sockets Layer (SSL) protocol to protect access to SOA
deployments. SSL provides authentication, confidentiality and message integrity. However,
when the data is not "in transit," the data is not protected, which makes the environment
vulnerable to attacks in multi-step transactions. As a result, there is a need to address more
specific SOA security challenges by relying on additional, application-level industry standards.
Figure 8 includes a sampling of these security standards.
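The multi-step concern above, as an added Python example (not from the whitepaper): a message-level signature carried in the message header survives an intermediary that re-serializes the XML and fails when an intermediary changes the body, which a provider relying only on per-hop SSL cannot notice. An HMAC over the canonicalized Body stands in for XML Signature / WS-Security, only integrity (not confidentiality) is covered, and the element names, key and flight values are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET


def body_digest(body_elem, key):
    """HMAC-SHA256 over the canonical (C14N 2.0) form of the Body element."""
    canonical = ET.canonicalize(ET.tostring(body_elem, encoding="unicode"), strip_text=True)
    mac = hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def sign_message(flight_id, carrier, route, key):
    """Originator: build the envelope and attach a signature over the Body."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body")
    plan = ET.SubElement(body, "FlightPlan", {"id": flight_id, "carrier": carrier})
    ET.SubElement(plan, "Route").text = route
    ET.SubElement(header, "Signature").text = body_digest(body, key)
    return ET.tostring(env, encoding="unicode")


def verify_message(xml_text, key):
    """Final recipient: recompute the digest; any parse problem counts as failure."""
    try:
        env = ET.fromstring(xml_text)
        body, sig = env.find("Body"), env.findtext("Header/Signature")
        if body is None or sig is None:
            return False
        expected = body_digest(body, key)
    except ET.ParseError:
        return False
    return hmac.compare_digest(expected.encode(), sig.strip().encode())


def relay_reformat(xml_text):
    """Benign intermediary: ends the transport session, re-serializes, forwards."""
    env = ET.fromstring(xml_text)
    for elem in env.iter():
        items = sorted(elem.attrib.items())   # attribute order changes
        elem.attrib.clear()
        elem.attrib.update(items)
        elem.tail = "\n"                      # insignificant whitespace changes
        if len(elem):
            elem.text = "\n  "
    return ET.tostring(env, encoding="unicode")


def relay_alter(xml_text, new_route):
    """Intermediary that changes business content after the transport session ended."""
    env = ET.fromstring(xml_text)
    env.find("Body/FlightPlan/Route").text = new_route
    return ET.tostring(env, encoding="unicode")


def transport_only_accepts(xml_text):
    """Provider relying on the last hop's SSL alone: it can only check well-formedness."""
    try:
        return ET.fromstring(xml_text).find("Body/FlightPlan/Route") is not None
    except ET.ParseError:
        return False


def demo():
    key = b"constructed-end-to-end-key"   # held by originator and final recipient only
    msg = sign_message("F100", "XX", "KDCA DCT KJFK", key)   # constructed sample values
    altered = relay_alter(msg, "KDCA DCT KBOS")
    unsigned = msg.replace("<Signature>", "<Sig>").replace("</Signature>", "</Sig>")
    return {
        "direct": verify_message(msg, key),
        "reformatted": verify_message(relay_reformat(msg), key),
        "altered_message_level": verify_message(altered, key),
        "altered_transport_only": transport_only_accepts(altered),
        "signature_removed": verify_message(unsigned, key),
    }
```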
Security Area
Content Security
Message-Level Security
Metadata
Trust Management
Public Key Infrastructure
Standards for FAA Consideration
XML Encryption
XML Signature
WS-Security
WS-Policy
WS-PolicyAssertions
WS-PolicyAttachment
WS-SecurityPolicy
SAML
WS-Trust
WS