POLICY APPLICATION RULES FOR AUTOMATED CONFIGURATION OF SOFTWARE COMPONENTS

Information

  • Patent Application
  • 20100005451
  • Publication Number
    20100005451
  • Date Filed
    July 03, 2008
    16 years ago
  • Date Published
    January 07, 2010
    14 years ago
Abstract
A method, system and article of manufacture are disclosed for configuring software application components. The method comprises the steps of developing a set of policy application rules, assembling unconfigured software components into one or more software applications, and applying said application rules to the unconfigured software components to configure said software components. In the preferred embodiment, the applying step includes the steps of passing the unconfigured software components to a policy rule engine, and using said policy rule engine to apply said application rules to the unconfigured software components to produce the configured components. In addition, the method may be done to resolve ambiguities in the software components. In particular, the application rules may be designed to resolve ambiguities in the application of these rules to the unconfigured software components. Also, each application rule preferably includes a condition, an application template, and a policy.
Description
BACKGROUND OF THE INVENTION

1. Field of the Invention


This invention generally relates to component based software applications, and more specifically, to a policy configuration mechanism for applications that are comprised of an assembly of software components. Even more specifically, the preferred embodiment of the invention relates to such a mechanism that is very well suited for use with Service Component Architecture applications.


2. Background Art


The Service Component Architecture (SCA) is a specification put forward by software vendors with the objective of simplifying how organizations create and implement applications in a Service Oriented Architecture (SOA). SCA is included in the SOA Programming Model along with Service Data Objects (SDO), which allow heterogeneous data to be accessed and manipulated in a uniform manner. An SCA application is based on service components, which may be configured to provide services, consume other services, or both. These service components may be packaged together with import components and export components into SCA modules, and communicate with one another using SCA messages. SCA has become a standard method for building applications that are comprised of an assembly of software components. Configuring non-functional requirements of such applications (such as transactional or security requirements) is a tedious error-prone task since the individual components that make up the application have to be configured manually; this complexity increases with the number of components used to create the application. An additional problem is the resolution of the semantics of policy application to the component under certain situations: where the meaning of policy application is generally ambiguous.


In the past, componentized applications were comprised of a few components, and configuration was possible to do manually, even if it was somewhat tedious. Recent advances in the field such as the development of recursive component architectures like Service Component Architecture (SCA) and CORBA Component Model (CCM) have made it possible to create applications recursively, which is to say that each of the components used to build an application can itself be built using components. Such recursive component models have significantly increased the complexity of configuring non-functional properties in such applications. SCA provides high-level declarations of policies to simplify configuration, but even such declarations have to be applied manually. Model-Driven Development techniques have been used to simplify configuration of middleware systems. Model-driven techniques, however, need much more knowledge about the systems (through the development of an IT model) in order to make simplifications in configuration.


SUMMARY OF THE INVENTION

An object of this invention is to configure automatically software components using policy application rules.


Another object of the present invention is to provide a rule-based configuration system designed to simplify component configuration for complex component assemblies.


A further object of the invention is to provide a method for resolving ambiguities in policy application to software applications comprised of an assembly of components.


These and other objectives are attained with a method, system and article of manufacture for configuring software application components. The method comprises the steps of developing a set of policy application rules, assembling unconfigured software components into one or more software applications, and applying said application rules to the unconfigured software components to configure said software components. In the preferred embodiment, the applying step includes the steps of passing the unconfigured software components to a policy rule engine, and using said policy rule engine to apply said application rules to the unconfigured software components to produce the configured components.


In addition, the method may be done to resolve ambiguities in the software components. In particular, the application rules may be designed to resolve ambiguities in the application of these rules to the unconfigured software components. Also, each application rule preferably includes a condition, an application template, and a policy. The condition of each rule determines when the rule is applicable to the unconfigured software components. The application template results in application of a particular kind of policy to a particular part of one or more of the unconfigured components. The policy of each rule specifies the policy to be applied to one or more of the unconfigured components.


The preferred embodiment of the invention provides a method and system that configures software components automatically based on rules. Users of the system can define or modify the rules that drive the configuration; these can be based on the overall non-functional requirements of the application. In many practical situations, this leads to the configuration of the application being completed in a largely automated fashion, reducing the potential for errors and saving the time of the developer. Additionally, the rule-based mechanism can be applied to resolve ambiguities in policy application: the desired semantics can be encoded as a rule, which automatically applies the correct policy when used in the invention, eliminating the ambiguity.


Further benefits and advantages of this invention will become apparent from a consideration of the following detailed description, given with reference to the accompanying drawings, which specify and show preferred embodiments of the invention.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a schematic block diagram of Service Component Architecture.



FIG. 2 shows the architecture of a Rule-based Policy application System in accordance with the present invention.



FIG. 3 describes the Rule-based policy application process.



FIG. 4 gives a sample policy application rule.



FIG. 5 shows an SCA component assembly to illustrate use of rules to resolve ambiguous policy application.



FIG. 6 gives a rule to configure an atomic transaction pattern for component assembly.



FIG. 7 gives a rule to trigger the atomic transaction rule of FIG. 6.



FIG. 8 shows a computer system that may be used to practice this invention.





DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Architectures that enable the creation of software applications through the assembly of components have become more complex, and some standards such as Service Component Architecture (SCA) allow recursive composition, wherein even individual components can recursively be created through the use of other components. FIG. 1 illustrates the Service Component Architecture. SCA is based on a service-oriented architecture and is designed to present business processes in a service-oriented manner. One primary objective of SCA is to separate business integration logic from implementation so that a developer can focus on integrating applications without worrying about the implementation details.


The building blocks in SCA are service components 10 which may be configured to provide services, consume other services, or both. Each service component 10 includes an implementation 12, which is hidden from the developer inside the component 10, and one or more interfaces 14, which define the component's inputs, outputs, and faults. A component 10 may also include one or more references 16, which identify the interface 14 of another service component 10 that a component requires or consumes. Because the service components 10 contain and hide an implementation 12, a developer can graphically assemble, or “wire,” the components 10 together without knowledge of low-level implementation details.


The SCA service components 10 may be packaged together with import and export components 18, 20 into SCA modules 22, which run in an SCA runtime environment 25. The import and export components 18, 20 define a module's external interfaces or access points. For example, an import component 18 may be used to reference external services 24 outside of a module 22, so they can be called from within the module 22. An export component 20 allows service components 10 to provide their services to external clients 26. For the purposes of this description, these external services 24 and clients 26 are referred to as external components 24, 26.


The import and export components 18, 20 typically require binding information, which specifies the means of transporting data to and from the SCA modules. For example, an import binding type 28 refers to the specific way an external service 24 is bound to an import component 18. This includes the transport protocol used to communicate between the external service 24 and the import component 18. An export binding type 30 describes the specific way a module's services are made available to a client 26, including the communication protocol used to communicate with the client 26. For example, the import and export components 18, 20 may be used to access or provide services to external systems or services over various protocols, including but not limited to IIOP, HTTP, SOAP, and JMS. This can be accomplished by assigning, for example, a Web Service, EIS, JMS, or Stateless Session EJB binding type 28, 30 to an import or export component 18, 20.


The configuration of composite applications is non-trivial, since it involves application of various policies to individual components (or even parts of a component) to achieve the desired non-functional behavior for the application. Configuration of components involves the application of policies that drive middleware behavior to the development artifacts. Application of policy is often based on simple characteristics of the components; for example, the part of the component used by other components need to be configured to allow only secure access.


Component frameworks provide various mechanisms to assemble components into applications and to configure how software components operate. These configurations are used to tune the non-functional behavior of the component, and cover domains like security and transactionality. As an example, the SCA (Service Component Architecture) framework allows the developers to manage the security and transactional properties of SCA components using two mechanisms:


1. Policy intents, which are high-level declarations of the desired behavior of the component; these declarations do not refer to a particular implementation technology.


2. Policy sets, which are low-level declarations of the desired behavior and are associated with a particular technology.


This invention simplifies the developer's task to configure an application by providing a rule-based mechanism for doing so. Policies are often applied based on simple structural characteristics of the component assembly. For example, components that are open for use by business partners must have high-security associated with them. Using the preferred approach of the present invention, developers can define a rule that gets triggered by components that are open for use by partners, and specify with the rule the policy to be applied (in this case, one that applies high-security). This rule would be stored in a rule database. Once created, the rule resides in the database until modified or erased. When the developer creates components, he will then feed them to a rule engine, which automatically applies policies based on the rules that apply to the component. The transformed component is thus completely configured on the basis of the rules.



FIG. 1 shows the architecture of a preferred system. The system comprises a rule database 42, where rules are stored and a rule engine 44, which processes the rule and transforms an unconfigured component 46 into one that is configured 48 on the basis of the rules.


Rule-Based Policy Application Process

With reference to FIG. 3, the preferred rule-based policy application process is comprised of two phases, each of which includes a sequence of steps. Phase I is the Rule Development Phase, performed by IT policy experts. This phase has two steps. In the first step, policy experts within the developer's IT organization develop policy application rules, reflecting the best practices and IT policies of the organization. In the second step, policy experts maintain these rules on a continuous basis.


Phase II is the Component Development Phase, performed by component developers and application assemblers. This phase has four steps. In the first step components are created or assembled into applications by developers and assemblers; and in the second step, unconfigured component data is fed to the rule engine, which operates on rules to automatically produce configured components. In the third step, configured components can be manually examined to verify policy application, and to apply additional policies; and in the fourth step, configured components are deployed into the production system.


Pattern Application Rules

Each pattern application rule includes a condition and an application template. The condition of each rule uses XPath syntax. XPath is a standard language used to express path expressions in XML documents. Since SCA component descriptions are XML documents, it is natural to use XPath to define such conditions. However, standard XPath is complex and it requires advanced knowledge to write non-trivial conditions. To make things easier for developers, the invention utilizes extension functions to XPath, allowing developers to refer to parts of an SCA component or an assembly without having to use complicated syntax.


Each application template results in application of a particular kind of policy to a particular part of the component assembly. The template thus identifies the policy being applied, and the location where it is to be applied. Rules themselves are serialized into XML so that they can be persisted in the rule database as XML documents.



FIG. 4 shows an example of a simple policy application rule. In this particular rule, the condition field is the XPath expression ‘true’, which means that this rule is applicable to all components; it is not constrained by the condition. The application template specifies the location as rule:getPromotedServices( ). This is an example of one of the XPath extensions to allow developers to refer to parts of the component assembly in a simple way. In this case, the function allows developers to refer to all component services that have been promoted, i.e., are open for use by business partners who use SCA or web services technology to communicate with this component. The policy portion of the rule specifies the policy to be applied. In this case, the policy is reliablemessaging.exactlyonce. This policy declares the requirement that messages must be delivered to the service exactly once. Given a requirement that all services open for use by business partners must require guaranteed message delivery, the developer automates the enforcement of the requirement through the use of this rule. The alternative would be for the developer to manually inspect all the components and associate the policy reliablemessaging.exactlyonce with the services that are promoted.


An additional use of this method is to resolve ambiguities in policy application in certain cases. To illustrate such a case, consider the SCA component assembly shown in FIG. 5.


This figure shows an SCA component assembly comprising four components. The rectangles in the figure correspond to components. Chevron shapes attached to the left hand side of the components correspond to services provided by the component, and those on the right hand side of the component correspond to references (which are services used by the component). The smaller rectangles within each component correspond to policies that are to be associated with the components. In this assembly, Component H, providing two services and using three services, is in fact created through the composition of three other components, Components A, B and C. This composite acts as the implementation of component H. Such recursive assemblies are typical in the SCA framework. The dashed line in the figure correspond to services or references being promoted for use by other components (possibly by business partners). The solid lines are wires connecting references to a service providing the required functionality.


The ambiguity that the invention addresses arises because the semantics of policy application to a component are not well understood when the component is implemented by a composite, as in this case. Consider, as shown, that component H is required to run in a local transaction. Obviously, to meet this requirement, Components A, B and C have to be configured in an appropriate way, so as to reflect the local transaction requirement in Component H. Understanding how to configure A, B and C requires domain knowledge of how transactions are supported in SCA and in the environment within which the components will be deployed. One appropriate configuration is shown in FIG. 5. It uses the atomic transaction pattern as the policy for Components A, B and C, and associates roles with each of them. Use of the atomic transaction pattern is disclosed in copending application Ser. No. (Attorney Docket YOR920080144US1), for “Pattern-Based Policy Application Mechanism for SCA,” filed herewith, the disclosure of which is herein incorporated by reference in its entirety. Components A and B are to assume the role of the transaction creator (Tx here is an abbreviation for the word Transaction). Component C is configured to be a transaction non-propagator. This means that A, B and C will run in a shared transaction which is created by either A or B. The transaction scope is limited to this composite (i.e. no other components participate).


This is an acceptable solution for component H to provide the semantics of running in a local transaction. It is unrealistic to expect developers to acquire this knowledge and configure the components correctly. Using policy application rules turns out to be an extremely convenient solution here. As we detailed in the rule-based policy application process, transaction policy experts will develop a rule which will be applicable to all components running in a local transaction and implemented as a composite (this is what will be encoded into the rule's condition). The rule will apply roles to components based on whether they have promoted services or references: notice here that the components with promoted services (i.e., components A and B) are configured to be transaction creators. Components with promoted references (in this case, just Component C) are configured to be non-propagators. FIG. 6 shows the rule that automatically applies these policies.


This rule is applicable for any component assembly that is used to build a high level component. As described above, this rule should be used only for those component assemblies that are used to build a component that is running in a local transaction. Thus, another rule is used to trigger this first rule. FIG. 7 shows the second rule needed.


As shown in FIG. 7, the condition checks if a component is implemented by a composite assembly, and is running in a local transaction (signified by the presence of the policy intent managedTx.local). If this is the case, the atomic transaction rule shown in FIG. 6 is applicable and is triggered.


The preferred embodiment of the invention, described above in detail, represents a significant advance in the science of configuration of composite applications. What has always been a manual and error-prone process can now be automated in many useful cases. Additionally, the preferred embodiment of the invention provides a way to formally encode best practices as rules stored in a database. The rule application process describes the steps for policy application and provides a method for using this technology in a practical scenario. Developers and IT policy experts using software components would benefit from this invention.


The invention will be generally implemented by a computer executing a sequence of program instructions for carrying out the invention. The sequence of program instructions may be embodied in a computer program product comprising media storing the program instructions.


As will be readily apparent to those skilled in the art, the present invention, or aspects of the invention, can be realized in hardware, software, or a combination of hardware and software. Any kind of computer/server system(s)—or other apparatus adapted for carrying out the functions described herein—is suited. A typical combination of hardware and software could be a general-purpose computer system with a computer program that, when loaded and executed, carries out the functions, and variations on the functions as described herein. Alternatively, a specific use computer, containing specialized hardware for carrying out one or more of the functional tasks of the invention, could be utilized.


A computer-based system 100 in which a method embodiment of the invention may be carried out is depicted in FIG. 8. The computer-based system 100 includes a processing unit 110, which houses a processor, memory and other systems components (not shown expressly in the drawing) that implement a general purpose processing system, or computer that may execute a computer program product. The computer program product may comprise media, for example a compact storage medium such as a compact disc, which may be read by the processing unit 110 through a disc drive 120, or by any means known to the skilled artisan for providing the computer program product to the general purpose processing system for execution thereby.


The computer program product may comprise all the respective features enabling the implementation of the inventive method described herein, and which—when loaded in a computer system—is able to carry out the method. Computer program, software program, program, or software, in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: (a) conversion to another language, code or notation; and/or (b) reproduction in a different material form.


The computer program product may be stored on hard disk drives within processing unit 110, as mentioned, or may be located on a remote system such as a server 130, coupled to processing unit 110, via a network interface such as an Ethernet interface. Monitor 140, mouse 150 and keyboard 160 are coupled to the processing unit 110, to provide user interaction. Scanner 180 and printer 170 are provided for document input and output. Printer 170 is shown coupled to the processing unit 110 via a network connection, but may be coupled directly to the processing unit. Scanner 180 is shown coupled to the processing unit 110 directly, but it should be understood that peripherals might be network coupled, or direct coupled without affecting the ability of the processing unit 110 to perform the method of the invention.


The present invention, or aspects of the invention, can also be embodied in a computer program product, which comprises all the respective features enabling the implementation of the methods described herein, and which—when loaded in a computer system—is able to carry out these methods. Computer program, software program, program, or software, in the present context mean any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: (a) conversion to another language, code or notation; and/or (b) reproduction in a different material form.


While it is apparent that the invention herein disclosed is well calculated to fulfill the objects stated above, it will be appreciated that numerous modifications and embodiments may be devised by those skilled in the art, and it is intended that the appended claims cover all such modifications and embodiments as fall within the true spirit and scope of the present invention.

Claims
  • 1. A method of configuring software application components, comprising the steps of: developing a set of policy application rules;assembling unconfigured software components into one or more software applications; andapplying said application rules to the unconfigured software components to configure said software components.
  • 2. The method according to claim 1, wherein the applying step includes the steps of: passing the unconfigured software components to a policy rule engine; andusing said policy rule engine to apply said application rules to the unconfigured software components to produce the configured components.
  • 3. The method according to claim 1, wherein the applying step includes the step of applying the application rules to the unconfigured software components to resolve ambiguities in the application of the application rules to the unconfigured software components.
  • 4. The method according to claim 3, wherein the rules apply roles to the unconfigured software components based on whether the unconfigured components have specified services or references.
  • 5. The method according to claim 1, wherein some of the unconfigured software components trigger some of the application rules, and the applying step includes the step of applying each of the application rules to all of the unconfigured software components that trigger said each application rule.
  • 6. The method according to claim 1, wherein each application rule includes a condition that determines when the rule is applicable to the unconfigured software components.
  • 7. The method according to claim 6, wherein each application rule further includes an application template that results in application of a particular kind of policy to a particular part of one or more of the unconfigured components.
  • 8. The method according to claim 7, wherein each application rule further includes a policy that specifies the policy to be applied to one or more of the unconfigured components.
  • 9. The method according to claim 8, wherein: each of the application rules specifies one or more characteristics; andthe applying step includes the step of identifying, for each of the application rules, all of the unconfigured components that match the one or more characteristics specified by said each application rule.
  • 10. The method according to claim 9, wherein the applying step includes the further step of applying each of the application rules to all of the unconfigured components that match the one or more characteristics specified by said each application rule.
  • 11. A system for configuring software application components, comprising: a policy rule database holding a set of policy application rules; anda policy rule engine for receiving unconfigured software components, and for applying said application rules from the policy rule database to the unconfigured software components to configure said software components.
  • 12. The system according to claim 11, wherein the policy rule engine applies the application rules to the unconfigured software components to resolve ambiguities in the application of the application rules to the unconfigured software components.
  • 13. The method according to claim 12, wherein the rules apply roles to the unconfigured software components based on whether the unconfigured components have specified services or references.
  • 14. The system according to claim 11, wherein some of the unconfigured software components trigger some of the application rules, and the policy rule engine applies each of the application rules to all of the unconfigured software components that trigger said each application rule.
  • 15. The system according to claim 11, wherein each application rule includes: a condition that determines when the rule is applicable to the unconfigured software components;an application template that results in application of a particular kind of policy to a particular part of one or more of the unconfigured components; anda policy that specifies the policy to be applied to one or more of the unconfigured components.
  • 16. An article of manufacture comprising: at least one computer usable medium having computer readable program code logic to execute a machine instruction in a processing unit for configuring software application components, said computer readable program code logic, when executing, performing the following steps:receiving a set of policy application rules; andapplying said application rules to a set of unconfigured software components to configure said software components.
  • 17. The article of manufacture according to claim 16, wherein the applying step includes the step of applying the application rules to the unconfigured software components to resolve ambiguities in the application of the application rules to the unconfigured software components.
  • 18. The article of manufacture according to claim 16, wherein some of the unconfigured software components trigger some of the application rules, and the applying step includes the step of applying each of the application rules to all of the unconfigured software components that trigger said each application rule.
  • 19. The article of manufacture according to claim 16, wherein each application rules includes: a condition that determines when the rule is applicable to the unconfigured software components;an application template that results in application of a particular kind of policy to a particular part of one or more of the unconfigured components; anda policy that specifies the policy to be applied to one or more of the unconfigured components.
  • 20. The article of manufacture according to claim 16, wherein: each of the application rules specifies one or more characteristics; andthe applying step includes the step of applying each of the application rules to all of the unconfigured components that match the one or more characteristics specified by said each application rule.
  • 21. A method of resolving ambiguities in software components, comprising the steps of: developing a set of policy application rules;assembling a set of unconfigured software components into one or more software applications; andapplying said application rules to the set of unconfigured software components to resolve ambiguities in the application of said application rules to unconfigured software components.
  • 22. The method according to claim 21, wherein the applying step includes the steps of: passing the unconfigured software components to a policy rule engine; andusing said policy rule engine to apply said application rules to the unconfigured software components to configure said software components.
  • 23. The method according to claim 21, wherein some of the unconfigured software components trigger some of the application rules, and the applying step includes the step of applying each of the application rules to all of the unconfigured software components that trigger said each application rule.
  • 24. The method according to claim 21, wherein each application rules includes: a condition that determines when the rule is applicable to the unconfigured software components;an application template that results in application of a particular kind of policy to a particular part of one or more of the unconfigured components; anda policy that specifies the policy to he applied to one or more of the unconfigured components.
  • 25. The method according to claim 21, wherein: each of the application rules specifies one or more characteristics; andthe applying step includes the step of applying each of the application rules to all of the unconfigured components that match the one or more characteristics specified by said each application rule.
CROSS REFERENCE TO RELATED APPLICATION

This application is related to co-pending patent application Ser. No. (Attorney Docket YOR920080144US1), entitled “PATTERN-BASED POLICY APPLICATION MECHANISM FOR SCA”, filed herewith, the disclosure of which is herein incorporated by reference in its entirety.