Engineering e-Business Systems
17-18th July 2001
hosted by
all presentations - slides.zip (~5Mb)
Chris Winter |
The e-business project lifecycle - first hand experiences slides |
During recent years there has been much hype within the IT industry surrounding the topic of e-business solutions. This hype has been at its zenith surrounding the formation of dot.com companies, with the appearance of new household names such as amazon.com and lastminute.com plus some notable and often spectacular failures. In addition to the dot.com phenomenon, well established companies such as Tesco, Argos and BT with its on-line telephone directory, now run successful web-sites. During this period the IT industry has had to learn a great deal of new technical buzz words and acronyms such as, Java Beans, Enterprise Java Beans, Session Beans, HTTP, RMI, IIOP, EJB, etc.. In addition to learning all of this techno-babble, the industry has had to cope with the demands of the very businesses that it supports, notably the 'Internet Year', i.e. Speed to Market. This talk will review and discuss, through the speaker's personal experiences, some of the positive and negative effects e-business has had on the IT project life cycle. It will cover both the technical and business implications of these projects and give delegates an insight into what these projects are really like. |
Steve Cook |
Model-driven approaches to large-scale e-business system development |
One of the most difficult challenges facing a large international organisation developing a multitude of different e-business systems for different customers in different industries is how to organise the development organisation for the most optimal application of knowledge. Many approaches to such reuse have been tried in the past, including object and component technologies, and large-scale access to online databases of structured information. Although all of these approaches have delivered incremental benefits, none have lived up to their original promises. This talk investigates the proposition that model-driven approaches can do better. The models at issue are not just models of executable software, but also models of business processes and architectures in both the supplying and consuming organisations. The role of industry standards such as UML (Unified Modeling Language) and related initiatives will be discussed in this connection. |
Andrew Watson |
Model Driven Architecture - coping with multiple platforms |
The term "Middleware" entered the IT lexicon a decade ago, as businesses were increasingly forced to build distributed applications to share data from multiple sources inside their organisations. Over the last ten years the scope of those applications has widened and deployed middlewares have become legacies, so that increasingly businesses now have to integrate multiple middlewares rather than multiple databases. Now the integration problem is spreading across the Internet, and eBusiness integration forces us to recognise the necessity for multiple middleware platforms; CORBA and EJB are well suited to integrating middle-tier and back-end systems, HTTP/HTML links the desktops to the enterprise systems, while XML is being increasingly used to carry eBusiness transactions over the 'net. Each middleware is suited to its deployment niche, and somehow we have to make them all work together. This talk outlines OMG's MDA approach to designing applications that use multiple middleware platforms in concert to benefit from the strengths of each, as well as accomodating future middleware platforms. |
John Daniels |
From requirements to components |
Despite rapid growth in the use of component technologies such as EJB and COM+ there are few published practical processes for designing large-scale component systems. In this talk John Daniels will draw on material from his recent book "UML Components" (John Cheesman & John Daniels, Addison-Wesley 2000) to explain a simple step-by-step process for moving from business requirements to technology-neutral component specifications. The process covers requirements definition, component identification, component interactions, detailed component specification, and mapping to implementation technologies. It makes extensive use of UML notations, and can be supported by current UML CASE tools. |
Alan Cameron Wills |
XP meets UML |
eCommerce requires the rapid development of large systems. Two requirements for success are a lightweight process, such as eXtreme Programming (XP); and avoiding the reinvention of skills (embodied in patterns) and software (embodied in components). This talk is about experience in bringing these pieces together. We'll look at:
|
Yves Deswarte |
MAFTIA: a European project for dependable internet applications despite intrusions and accidental faults |
MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications) wishes to explore the fault-tolerance paradigm in environments where the faults to be considered are not only accidental faults (hardware failures, software bugs), but also malicious attacks by outside hackers or by privileged users (including security administrators). This talk will present the basic concepts supporting the generic MAFTIA architecture, as well as the various developments undertaken within this project: dependable middleware, intrusion detection, dependable trusted third parties, distributed authorisation, verification and assessment. A particular focus will be given on distributed authorisation. In this study, we are developing new authorisation schemes that enable to control fine-grain accesses (at the level of object method invocation) while preserving as much as possible participant privacy. These new schemes are particularly interesting when dealing with complex transactions involving more than two participants. For example, typical e-commerce transactions require the cooperation of a customer, a merchant, a credit card company, one or two banks, a delivery company, etc. All these participants have diverse interests and are thus distrusting each other. With these authorisation schemes, each participant is granted fair rights, while personal information is distributed only on a "need-to-know" basis. |
Nigel Edwards |
Practical application of secure operating systems in E-business |
This presentation will look at the use of secure operating system technology in E-business. HP's Virtualvault is is the most widely deployed web platform in the financial services industry and has never been successfully attacked in over 5 years of live deployments around the world. Virtualvault is based on military style security. Recently we have developed a new, simpler Trusted Operating system model drawing heavily on our experience with Virtualvault. This has given rise to HP's Trusted Linux. We will look at the mechanisms in Trusted Linux comparing them to the mechanisms found in normal Linux and also those found in conventional Trusted Operating systems such as Virtualvault. We will look at examples of real deployments and conjecture on future scenarios. |
Morris Sloman |
Security policy and trust in internet applications |
Trust is an important aspect of decision making for Internet applications and particularly influences the specification of security policy i.e. who is authorised to perform actions as well as the techniques needed to manage and implement security for the applications. This talk will discuss some of the issues relating to trust specification and describe Ponder - a new declarative, object-oriented language for specifying policies for security and management of networks and distributed systems. The language includes constructs for authorisation policies defining permitted actions; event triggered obligation policies specifying management actions, for example, to react to security violations; refrain policies specifying actions that subjects must refrain from performing; delegation policies defining what authorisations can be delegated and to whom. Filtered actions extend authorisations to define transformation of input or output parameters. Constraints specify limitations on the applicability of policies based on time or object state. Roles group the policies relating to a position in an organisation. A management structure defines a configuration of role instances as well as the relationship between roles. These concepts can be used to model roles, rights and duties relating to organisational patterns which occur in many large enterprises. |
Derek Coleman |
The evolution of B2B standards: the survival of the fittest |
Something weird is happening in the usually staid world of standards. E-business is causing an evolutionary explosion of three, four and five letter acronyms such as UDDI, SOAP, ebXML, OBI etc. Everyone from the United Nations, to Microsoft and Sun are forming new standards bodies and developing new standards. Even to the aficionado it can be hard to figure how all the initiatives relate. The driving force behind the explosion is clear - e-business is all about carrying out business processes across the Internet. This is only going to be cost effective if the processes are standardized - and no one can afford to be caught out as non-standard. This talk will provide a framework for understanding B2B standards and make sense of what's going on - it will NOT try and predict winners. |
Panel |
Future Trends |