CERT-SEI

Context-Based Technology Evaluation

To determine the fit between a system and a technology, it is necessary to evaluate the technology in the context in which it will be used. We've reported on our investigation of several technologies, including those in the following table.

| Technology Investigated | Description of Technology | Context of Investigation |
| --- | --- | --- |
| Business Process Execution Language (BPEL) | Composition languages allow business processes available through web services to be combined into new processes. BPEL is the most popular composition language. | Can different business process management tools exchange process definitions? Can business process management tools hide the complexity of process orchestration, or does IT staff have to be trained in business process management concepts? How easy will it be to change deployed business processes in case of a merger? |
| Model Driven Architecture (MDA) | MDA literature, and some MDA tool vendors, claim that the MDA approach (1) reduces development time, and (2) frees the developer to focus on business logic rather than on target platform and infrastructure details. Aside from being a valid and beneficial approach to software development, this should allow quick and easy deployment of applications, as target platforms and underlying infrastructure change. If realized, these advantages would significantly benefit interoperability. | A military human resources system (Military personnel are often reassigned to new locations, which triggers additional processes such as the actual reassignment, payroll adjustments, and flight booking.) |
| Open Grid Services Architecture (OGSA) | Computing power in terms of processing power, storage capability, and bandwidth has continuously increased; however, computing needs have become even more demanding. Grid computing, as implemented through OGSA, possibly provides a solution to some challenges by allowing collaboration and resource sharing between organizations. | A large volume of data is generated from a continuous data source, needs to be stored and retrieved to be processed, and is used by data consumers once processed. |
| OWL Web Ontology Language for Services (OWL-S) | OWL-S provides developers with a strong language to describe the properties and capabilities of web services for interpretation by a computer system in an automated manner. The goal of OWL-S is to enable applications to discover, compose, and invoke web services dynamically. | Map services—available in a diverse selection of classifications and formats, with distinct and meaningful coordinates |
| Web Services | It is claimed that web services are easy to implement and can integrate systems between platforms and that numerous web services are available from public repositories. | A back-office system |
| Web Services Security (Single-Sign-On) | Many organizations have legacy software systems that are difficult to integrate with other applications because they were developed as stand-alone applications. One solution is to provide interfaces and expose them as web services. However, this approach can force users of an application that uses the web services created for the legacy systems to have to log in separately to each system. The goal of single-sign-on (SSO) is to avoid this situation. | Which combination of technologies should be chosen to implement SSO? How much effort will it take to develop an SSO solution? What is the impact on execution time of the SSO solution? How can access control be realized when using SSO? |