Providing Customers Information Using the WEB and CORBA

Integrating Transactions, Objects, and the Web

Edwin E. Hastings, Hastings Software
Dilip H. Kumar, Digital Equipment Corporation

ABSTRACT

Digital Equipment Corporation uses a number of production systems worldwide to run its business. Each country and business unit runs software to meet local needs, with the same function at times being provided by different applications. Providing customers and business partners electronic access to pricing, product availability, order status, and other transactional information is difficult and fragmented. Most often this information is provided by phone or fax with all of the limits and delays that these methods present.

A new approach is being taken using CORBA object technology to provide WWW users direct access to transactional information. This paper will discuss:

Architecture and design (including public and private data)
The Web Broker
Meta HTML files for transaction interface and worldwide users
Object wrappers for production applications
Future directions and development

Today access to transactional information is by phone and fax to a Digital office or toll free telephone center, or through one of several, non Web, electronic access tools. While these channels are effective, significant manual intervention is needed to prepare the information and often duplication of effort is involved in generating and using the data. A customer may take phone notes or a blurry fax and enter them into a local spreadsheet, report, or electronic mail message.

The WWW, with its multiplatform readers, is a very attractive solution for presenting the information. This new system aims to provide direct information access, eliminating the extra effort as well as eliminating the errors and mistakes that occur when data is manually entered into a document, spreadsheet, or other application.

We faced several significant challenge of getting the information to the Web server without rewriting the production systems. Our solution, currently under development, is to use a CORBA compliant object system (ObjectBroker) to provide transactional information to the Web. By integrating with HTTPD, ObjectBroker will act as a common CORBA based interface between the Web and Digital's internal applications network.

We are using enhanced meta HTML files which will be processed using data returned from the production systems. These meta HTML files are fully internationalizable and will allow customers worldwide to be supported in their native language.

As new applications are acquired and developed, CORBA functionality will be specified or developed. For existing applications, "wrappers" are being written using existing routines. CORBA also provides dynamic object selection which will support a worldwide user base with information from their local systems without having WWW servers in each country.

ARCHITECTURE AND DESIGN

The primary requirement of the system was to provide a gateway between Digital's internal production machines and customers using PCs, Macs, workstations, and terminals. Two types of information had to be provided, unstructured published information and structured transactional information. Published information is fairly static and is the same information for all of the users, although not all users may be given access to all the information. Transactional information changes frequently and is different for each user and based on the user's requests. The software had to have a good user interface, handle transactions, and link with many different kinds of production applications worldwide. Finally, the system had to be secure. Security included different access types for different classes of users and protection for information that is private to individual users.

Selecting the WEB

Providing electronic access to the information through a central clearing house was a base assumption, we did not want the users to have to know how to connect to multiple systems. However, using the tools of the WEB was not a foregone conclusion. Developing specialized applications for customer access and then providing them for free to the customer seemed to offer advantages including:

Complete control over the user interface
Ability to include features not available in the Web
Confidence in the ability to maintain security and transaction integrity

When evaluating the WEB and its tools the following were seen as advantages:

Ease of access for users; multiple Web clients supporting different hardware and software
Ability to include text, graphics, pictures, and hyperlinks
Tools available for both the client and the server

The Web presented several drawbacks and areas of concern including:

Immaturity of the Web "product set"
Lack of sophistication on the forms interface
Security issues of transmitting business information on the Internet

After evaluation, the decision was made to use the Web. Mitigating the risk is the large rate of change and evolution of the web software. All of the advances and improvements being made to Web browsers and readers by the many groups that are currently doing development are bringing more functionality to the end user than any single development effort could. In this way we are betting that the momentum behind the Web will give us the functionality that we need, when we need it.

Providing Published Information

Selecting the Web as the user interface and user transport solved one major issue, but, we still had to decide how to access the transaction based production systems and how to provide the unstructured published information. Published information includes: product specifications, software descriptions, press releases, documentation, research reports, and other documents created for Digital's customers and business partners. Providing the published information turned out to be straightforward and very much aligned with the web's natural strengths. We have added a user authorization and profile subsystem which integrate with NCSA httpd security. [see Authorization Section for more details] With the added flexibility of the security system we are able to provide information using the Web.

Figure 1. Architecture for Providing Published Information

Deciding on an Object System for Transactions

Our final functional challenge was to devise an approach to service the transactions. These transactions are based on the user's authorization, the current service request, and the data the user has entered. Transactions include price lookups, order status lookups, and other related capabilities. Separating out the information and transactional pieces of effort was a major turning point in solidifying the design. Having two functions also provided the structure for a module that is focused exclusively on providing and servicing transactions, the Web Broker.

The challenge of designing an interface for integration purposes was formidable. The existing base of applications is large and diverse, ranging from those that are easily integrated, having full application programming interfaces (API), to those that can only be accessed through their default terminal interface. Some applications are very modular, and have a well defined API. These applications are easy to connect to and integrate with any system. The other applications require complex wrappers to communicate with the application. Also in different countries the content of each application can be different for the same transaction.

We wanted to handle all applications in a similar fashion. What was needed was an interface that would serve both extremes, be easy to program to, and still be able to handle complex applications and transactions. Additionally we wanted the ability to update, modify, and internationalize the user interface without any programming on the Web Broker system. This lead us to select an object based system with a uniform well defined interface for each application.

Selecting a network transport for connecting our web server to the production applications came down to three choices:

A proven and well understood "message bus" system
DCE components including Remote Procedure Calls (RPC)
CORBA based object system (ObjectBroker)

Moving beyond a traditional network transport to an object based system provided the following advantages:

Provides a clearly defined and well structured interface.
Network transport and data marshaling is handled by the object request broker.
Naming services provide for location independence from the application code.

We selected ObjectBroker, a CORBA compliant object system from Digital Equipment. Our design contains the following main components which are described in the following pages:

The Web Broker
Meta HTML files for Transactional Interfaces
Object Wrappers for Production Application Server Systems
User Profile and Authorization Subsystem

Figure 2. Architecture for Providing Transactional Information

THE WEB BROKER

The Web Broker (WB) is the main switching center for transactions providing a common access point between the outside world of the web and the internal network of production applications. Running under httpd as a "cgi-bin" program WB provides the following functions:

Validates the user and retrieve the user's profile record
Moves the user's data from the HTML form and create an ObjectBroker object
Invokes the remote method to service the user's request
Selects the proper meta html file for output
Merges the meta html file with the method's results and output to the user

The user is validated when WB starts executing providing a check in additional to the httpd security. At the same time the user's information record in retrieved which is used to select which services the user can access and also provide the user's name, company, and locale. The locale is used to select language and servers which will serve the user's requests.

Creating the Object

User's are queried for information using the forms interface. The forms come from HTML files that exist on the WB system or META HTML files that were created by an earlier step in the session. All of the field names from the form along with their respective values read by WB.

An ObjectBroker object is then created and populated with data from the form. The object is not specific to any one service, its generic nature allows WB to support any number of services without any reprogramming of the WB software. No actions in the Web Broker are hard coded based on the service that is currently selected. For all switching operations the data in the object is opaque to the broker.

Information is transferred between the Web Broker and Object Wrapper Layer (OWL) using arrays of self describing name value pairs:

array[0] name1=value1

array[0] name2=value2

array[0] name3=value3

Invoking the Remote Method

Each service, a logical unit of work performed for a user, provided by our system has a unique service name. The service name is used to identify and select the proper Production Application Server System (PASS, see figure 2) and the required META HTML files which together implement the service. A service can consist of one or more applications. For example a Production Application Server System might communicate with multiple applications to gather enough information to provide a single logical service for the user. A service implemented differently in each country, for example pricing, would have a common service name and interface to the system.

The service name is passed to the Web Broker by the invoking form. It is then combined with the user's locale and are applied to the object's context. The complete object can now invoke the remote method using ObjectBroker. Here is one of the strengths of using the CORBA based system. The application code does not have to know anything about the remote node being identified or about the mechanics of the transport being used. That is invisible to the application being supplied and managed by ObjectBroker.

The field names need to be coordinated between the forms based fields and the input needed by the Object Wrapper Layer (OWL, see figure 2). The OWL takes the parameters that it needs from the data passed in, formats it correctly for the Application Wrapper Layer (AWL), executes the AWL and then formats the return data before sending it off to the WEB Broker. On the outgoing end the return data field names must be coordinated between the OWL and the META HTML file. META HTML files reside on the same systems as the WEB Broker.

Selecting and Outputting Meta HTML files

With the results returned from the remote method the Meta HTML file for the user is selected. The locale is part of the Meta HTML file in order to support the different data flow that may accompany different applications, in different countries, providing the same service. The return code from the call is used to select the right next step or error message generating the file name as:

service-name_return-code_locale.METAHTML

These return codes allow the service designer to setup multi-step transactions and have them driven by the production system. The data entered on the production system could drive the user down one of several paths. For example the production system might need more data and want the user to fill out another form, some data might be invalid and need to be reentered, or the user may have completed one step and be ready to proceed to the next one.

Each Meta HTML file is a unique form with different requests for information based on the user requirement. The return code drives the user through the sequence. In PASS, the OWL code can determine what step is in effect by sending a special name/value pair. Again the only coordination needed is between the service specific PASS code and the META HTML files, no changes are needed for the WEB Broker.

A special Meta HTML file, service_ERR_locale.METAHTML, is invoked if there is a network based service unavailability or breakdown. This file should include specific service related information, for example if the application is normally unavailable at certain hours, as well as contact information for the local.

META HTML FILES FOR THE TRANSACTION INTERFACE

The Meta HTML files reside on the Web Server system. These files contain supersets of HTML information to substitute data returned from the production systems, handle conditional operations based on that data, and implement location specific date, time, and monetary functions. Using the objects name value pairs we isolate the construction of the display from both the production server wrapper and the web broker.

Once the proper META HTML file is selected, it and the results returned by the OWL routine need to be merged. This section describes that process.

Figure 3. Merging Production Data with Meta HTML files

An advantage of having the META HTML tags related to the PASS code is flexibility in specifying and adding fields. For example, adding a specific data field of function, that may only be applicable in a certain country, can be done in a straight forward way. The specific fields are added to the OWL for that application and for the specific META HTML file, no coding changes would be necessary for the WEB Broker.

The OWL remote method returns multiple lines, string arrays, of tag/value pairs that contain the results. The tags in the returned data correspond to the META HTML tag names. These are substituted according to the following rules to create the HTML output. This process gives a completely mapping free implementation of the data formats, only the Object Wrapper Server and META HTML routines need to know the tags names.

The first tag in a line has a special property of identifying the entire line. Conditional operations can only be performed on this Line Identifier Tag (LIT). This property allows tags to be grouped into records. For example an order will have multiple lines containing part number, quantity, and price. Each order line will be identified by a LIT value.

META HTML tags and functions

$var$                   use the value of var                  
[$var$ :+text]          if var is defined and non NULL then   
                        use the string text.  Note that       
                        text can contain $var$ and a          
                        substitution should be applied.       
[$var$ :-text]          if var is undefined and non NULL      
                        then use the string text.  Note       
                        that text can contain $var$ and a     
                        substitution should be applied        
[time:$var$ :format]    output the value of var using the     
                        date and time formating string        
                        format as defined by the              
                        strftime/wcsftime routine.  Note      
                        that these routines are locale        
                        sensitive and will give the user      
                        output that is routine to his         
                        country.                              
[mon:$var$ :format]     output the value of var using the     
                        monetary and will give the user       
                        output that is routine to his         
                        country

OBJECT WRAPPERS FOR PRODUCTION APPLICATIONS

Existing applications and new applications that do not come with built-in ObjectBroker interfaces need to be "wrapped" with ObjectBroker. This wrapping gives the application a uniform interface to the Web Server System which is invoking the application. There are two layers for the wrapping system:

Object Wrapper Layer
Application Wrapper Layer

Depending on the application being wrapped the amount of effort required to add a new application would range from minimal to a serious undertaking. If the existing application has a documented API then adding it as a service is very straightforward. Otherwise, there can be a sizable amount of work required to interface the application.

Object Wrapper Layer

The Object Wrapper Layer (OWL) is responsible for taking parameters that are sent in name value pairs and determining which routines to call in the Application Wrapper Layer (AWL). Also, OWL converts the name/value pairs into the correct data formats for the AWL. The OWL is started and called by ObjectBroker.

The design is such that the OWL can take advantage, to the greatest extent possible, of existing access points to the application being integrated into Digital On Line.

Multiple AWL routines can be called by the OWL depending on the data name/value pairs submitted.

On return from the Application Wrapper Layer, the OWL collects the returned data and then marshal it into name/value pairs and then returns the data. Additionally, the OWL sets the method's return code. This return code is used by the WEB Broker (WB) to select the proper META HTML file to use for outputting the program results.

Application Wrapper Layer (AWL)

The Application Wrapper Layer consists of the logical collect of routines which access the application being integrated. Depending on the application being integrated and the types of callable interfaces that it has, there may be no development required to create an AWL. For those applications that don't have an easily assessable interface, or if the interface does not provide the information that is needed then some amount of software development is necessary.

USER AUTHORIZATION AND PROFILE SUBSYSTEM

A key requirement of the system was to provide a per-service based access control mechanism. For the current version, access control is implemented using the authentication scheme provided by the NCSA's HTTPD server. This scheme requires maintaining access control files in specific directories of the HTTPD server directory structure. The User Authorization and Profile Subsystem allows an Administrator to perform this function without a need to understand the HTTPD server implementation. The subsystem also captures some additional user profile data which are not specific to any service.

This subsystem consists of 3 components:

User Registration Subsystem: Users who access Digital OnLine for the first-time, are given access to public-domain services. One of the services is registration for access to member-domain services. This service is implemented by the User Registration Subsystem and is implemented using the HTML forms-interface. T he data collected is available for review by an Administrator who can then setup a registered account.
User Authorization/Maintenance Subsystem: This module allows an Administrator to review new user registration requests as well as maintain existing user profiles. It is implemented using the HTML forms interface. This module also updates the HTTPD password and group files to provide service-based access control.
Get Profile Module: If the access control mechanism is setup correctly, then the WWW server requests the WWW client to provide authentication information before allowing access to a URL. If the URL points to a cgi-bin script, upon successful authentication, the HTTPD server sets up environment variables that are available to the cgi-bin script. One of these (REMOTE_USER) contains the username that was entered. All services in Digital OnLine are required to call the GetProfile module upon startup. This module checks the username, accesses the profile database, and returns profile data to the caller.

The User authorization system is currently implemented using the authentication scheme implemented in the NCSA web server. The design will allow for migration to different schemes in future. Since the Get-Profile module is called by all services on startup, that module could be changed to capture user authentication information and validate, for example, using kerberos.

SUPPORT FOR WORLDWIDE USERS

Supporting worldwide users was one of the driving business goals. Support is more than just translating the languages that the user sees on the screen. We also needed to handle the face that the some services are provided in different countries by different applications, the solution to this was discussed in the section on using objects.

Since we are presenting a variety of information, including contact information, currencies, and dates we needed a complete approach. This is being handled by using locales. The construct from XPG/4 which identify both the user's language and country. Locales provide information on a users country and language and are a standard defined by the X/Open Portability Guide #4 (XPG 4). Locale information is used to provide translated and country specific information to the user. Every user is assigned a locale as part of their user profile entry.

META HTML files are specified by locale. In a locale the first two characters are the language and the last two characters are the language. The locale allows the META HTML file writer to include information that is important to a specific user based on their language and country. For example the Swiss German (de_CH) and Swiss French (fr_CH) would both include the same contact information for Digital Equipment Switzerland, however the text would be written in French in one and German in the other. However another page could be written, also in German, but with a locale of de_DE this page would reference contacting Digital Germany.

Customary date and monetary formatting are also part of the XPG4 standards and are supported by the META HTML files.

This implementation allows either a single server or a combination of many servers to support users worldwide. It also allows us to add new countries and services by using existing meta HTML files that are similar and using the same language.

FUTURE DIRECTIONS AND DEVELOPMENT

The current implementation provides a flexible interface to transactional systems for WWW-based clients. As this is implemented, more functions will be added to it in future. At present, there are 3 areas that we have identified for further work which extend the design.

Enterprise-wide Authentication System - As we implement more services and expand the user base, there will be a need to use a enterprise-wide, open authentication system like kerberos. We are hoping that the next generation of WWW Clients/Servers will have implemented kerberos-based authentication. The current HTTP protocol can support this scheme.

Complex, hierarchical data structures - The current Web Broker essentially uses name/value pairs to communicate with the OWL. This is capable of handling data which does not hierarchical relationships of second degree or higher. But many commercial transactions have data elements which are hierarchically related upto a third or fourth degree. The example below illustrates this:

The interface between the Web Server and the OWL can be extended to handle such data structures while still retaining the name/value nomenclature.

Integration with new client-server transactional systems - As part of the re-engineering effort, Digital is implementing major packages to replace existing systems. A lot of these packages have customized front-ends. There is a need to integrate a public-domain interface to these packages so that external users can access data from these systems. Work to integrate the Web Broker with the SAP R/3 application package is currently underway.

Submitted by

Dilip H. Kumar

Digital Equipment Corporation

dilip@sita.mro.dec.com

Mr. Kumar is a technology consultant in Digital's Applied Information Technology Group. He specializes in designing and implementing electronic commerce systems with an emphasis on high performance transaction processing servers. He holds a Masters of Business Administration from Boston University and a Bachelors of Engineering from Mysore University, Mysore, India.

Edwin Hastings

Hastings Software

hastings@ultranet.com

Mr. Hastings is an independent consultant who specializes in computer networking and multi-platform application architectures and development. He has contributed to efforts at companies including: Digital Equipment, Xerox Corporation, Lawrence Livermore National Labs, Apple Computer, and Teradyne. He holds a Bachelor of Science degree in Computer Science from Rensselaer Polytechnic Institute.