Amazon Services, the Service Model
Trigger by Steve Clayton post about "Amazon - Where Do You Want To Go Tomorrow?"
A while ago I made a demo with Amazon Web Services, just to show what the limitations are when using models or how models can help to make better designs. Anyway I used the Web Service Software Factory Modeling Edition and Visual Studio Team Architect capabilities to generate the service models and service agents.
This is the application diagram where we have the existing Amazon services with two endpoints, the AWSECommerceService and the MechanicalTurk, and a Windows Client application which consumes them. For this demo I used the conform endpoint to WSDL functionality, but you can also use the Add Existing Service feature.
It looks pretty simple
The next thing I did during the demo is generating the service models and look... this is what you get, allot of shapes. A nice detail is the line between AWSECommerceService and the MechanicalTurk to the same messagecontract. the model generation functionality looks if there are contracts who are used by both services and connects them. [it's the HelpResponse message]
More detail
Anyway, I assume everybody agrees this is a useless model and the service agent model even looks more terrible. A real spaghetti model, where nobody can work with.
So, I totally agree with Juval Lowy's guidelines for services.
4. Avoid contracts with one member.
5. Strive to have three to five members per service contract.
6. Do not have more than twenty members per service contract. Twelve is probably the practical limit.
I say proven practice..!
Creating Secure Services, with Visual Studio Team Architect and the Web Service Software Factory Modeling Edition
Making secure is hard from a technology point of view. As Juval Lowy is saying in this MSDN article:
Security is by far the most intricate area of the Windows® Communication Foundation (WCF). In every WCF operation call on the service side, security is governed by the service contract, the operation contract, the fault contract (if present), the service behavior, the operation behavior, the host configuration, and the method configuration and its code. Each of these items may have as many as a dozen or more security-related properties...
And it's hard from a process point of view, also known as SD3+C. [The New Threat Modeling Process]
You must get executive support [not always that easy], you must create awareness, you must tackle the "not now we must make functionality" problem and some more.
Additional information can be found in these links.
- How Do They Do It? A Look Inside the Security Development Lifecycle at Microsoft
- The Trustworthy Computing Security Development Lifecycle
The The Security Development Lifecycle BLOG is a great place to start reading on this topic.
How to use Team Architect to make your SD3+C process more in control and help developers to build better, quicker secure services.
When you work with Team Architect you are already collecting innumerous information which can be used for threat modeling,
You've got the Logical Datacenter Diagram whit information about zones "Trust Boundaries" and servers which are in those zones. For example the Logical Datacenter Diagram below, We've got an internal legacy system with a broker in front which lives in a secure zone together with an some servers and internal clients, this zone exposes functionality through a DMZ to external clients and consumes information from an external creditcardserver. [forgive me the naming of the servers ;-)]
Probably / hopefully you are making this diagram together with the ITPro.
With the application diagram you start by defining the application design... [image]
...and map the applications to the Logical Datacenter with the Deployment Diagram [image], to do some deployment validation.
I Attended a LiveMeeting a while ago about quality tools and VSTS and one of the slides was this one, where the presenter [Adam Gallant] talked about infrastructure and deployment modeling as a quality tool. I completely agree with him.
anyway, the deployment diagram...
And now it gets interesting..!
We have a view of all or systems / applications and the zones they live in [Deployment Diagram, actually is should be called a Logical Deployement Diagram ;-]. It should be nice when we could model / configure at this level, in this deployment diagram, additional security information.
For example, we've got Internet connections, Intranet connections and Business-To-Business connections in this solution, just as Juval describes in his MSDN article. This isn't possible in Team Architect but, what we can do is create our own "security model"... just on other view point, where you can define security specific settings with the security manager.
So, what I did, I created a DSL with the zones, applications, connections and for each connection/ endpoint you can configure specific security settings.
When you add this model to your solution it takes all the necessary information out-of the Team Architect diagrams and creates the shapes. [still one challenge: layout... it doesn't organize the shapes. So you have to drag around the shapes to get a meaningful model]
This is how the security model looks like [image below, still needs allot of tuning].
It has all the applications, endpoints, connections and the zones. From this point the architect together with the security guy can start defining the specific security settings. By default every line is red and set to "No Security". When defining the type "Intranet - Internet - etc" of the connection the endpoints gets security specific properties like certificate store, certificate name, Impersonate and so on... and in the details window there is the ability to set at operation level detailed information, for example if one operation needs impersonation and another doesn't...
Note: this model is far from finished, actually it's just an implementation of a brainwave, to give it a try if it would work this way and to get some discussion going on about modeling viewpoints/ quality attributes.
Anyway, only the model isn't that interesting.
It gets more useful when the Web Service Software Factory ,attached to the application diagram, take notice of the security model and use it during code generation.
For the implementation I used Juval's "Declarative Security Framework" and tweaked the Service Factory T4 templates a little bit. Using the Framework is a little bit overdone, because we already have an easier way "raise the abstraction level" for security.
Another thing I'm working on, is [and you can see it in the solution explorer] the generation of an Thread and Analysis Model File [TAM].
This file is used by the Thread and Analyses Tool and helps people identify threads with in your solution. There is enough information in all the models to give threat modeling a jump start by providing this file... and not only helping the creation of secure service from a technology point of view but also from a process kind of view.
A nice way to embed Secure Development Lifecycle [SDL / SD3+C] into the Application Lifecycle [ALM]
Still a lot of work to do [I think most of my posts end with this sentence] but a nice start for discussion...
How To Fire a Guidance Package Recipe from the Implement Application Feature of Team Architect.
Post #01 of a collection of posts with some more technical details about the creation of richer implementations with Visual Studio Team Architect.
The Start: Fire a Recipe, Wizard or something else when initiating the "Implement Application" feature from the Application Diagram.
There is only one place where you can change the behavior of this feature and that is in the properties window of the selected shape. You can change the the template it uses to implement the application. Select: "Custom Template..."
So, we have to focus on templates [vstemplate] if we want something else to happen.
Beside the fundamental elements "TemplateData" and "TemplateContent" where you can specify the files included in the template and categorizes the template, there is also an element "WizardExtension" which can be used to run custom code and more things like: "Display custom UI that collects user input to parameterize the template" and "Add parameter values to use in the template", actually you can perform virtually any action allowed by the Visual Studio automation object model on a project.
To use this element is easy, create a assembly which implements the IWizard interface, sign it and add it's details to the vstemplate WizardExtension element.
The IWizard interface gives us a number of methods which will fire during the execution of the template. For example:
public void RunFinished()
public void RunStarted
(
object automationObject,
System.Collections.Generic.Dictionary<string, string> replacementsDictionary,
WizardRunKind runKind,
object[] customParams
)
You can get additional information from the replacementsDictionary parameter and can add information to it.
So, with this information you can start with coding your additions to the template, add solution folders, add projects, add items, add code. The first solution I created, to accomplish a richer implementation then the "Empty Web Site" template offers, used a list of item templates in the "TemplateContent" element. But, after the solution went bigger and I wanted to do more this didn't gave me the flexibility I needed. So, the final solution ended with only the WizardExtension which executed all the necessary steps, from project creation to adding code with the CodeDOM and references. You only have to take the DTE Object and start coding...
// The application object can be cast to the root DTE object.
dte = (EnvDTE80.DTE2)(automationObject);
sol = (EnvDTE80.Solution2)dte.Solution;
To use the IWizard interface, DTE object and the CodeDOM is pretty hard, actually it really hurts and it's not suitable to make such a big customization to your templates, for small ones it's works fine but not for this size.
So, the release of the Guidance Automation Toolkit for Orcas made things much easier.
Guidance Packages also use the "WizardExtension" element behind templates to execute additional logic as you can see in this XML snippet.
<WizardExtension>
<Assembly>Microsoft.Practices.RecipeFramework.VisualStudio, Version=1.0.60429.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</Assembly>
<FullClassName>Microsoft.Practices.RecipeFramework.VisualStudio.Templates.UnfoldTemplate</FullClassName>
</WizardExtension>
When you dive into the "UnfoldTemplate" class you can see it also inherits the IWizard interface. So, things should work the same. Only with the GAX you get the ability to use T4 templates and all the other functionality like actions and recipes.
In the vstemplate there is the element "WizardData" which points to the recipe it executes during the unfoldtemplate action and with that you can use basic GAX functionality to create your projects.
<WizardData>
<Template xmlns="http://schemas.microsoft.com/pag/gax-template"
SchemaVersion="1.0"
Recipe="CreateSolution">
<References/>
</Template>
</WizardData>
So changing the Service Factory Modeling Edition or creating your own package starts with some customizations in this recipe, because we don't [I don't] want to see a wizard when initiating the implement application feature.
<Arguments>
<Argument Name="SolutionName">
<Converter Type="Microsoft.Practices.RecipeFramework.Library.Converters.RegexMatchStringConverter,
Microsoft.Practices.RecipeFramework.Library"
Expression="[a-zA-Z][a-zA-Z_0-9]*(\.[a-zA-Z][a-zA-Z_0-9]*)*"/>
<ValueProvider Type="Evaluator" Expression="$(safeprojectname)"/>
</Argument>
</Arguments>
<Actions>
<Action Name="CreateModelProject"
Type="Microsoft.Practices.ServiceFactory.CustomRecipes.CreateModelProject.CreateModelProjectAction,
Microsoft.Practices.ServiceFactory.GuidancePackage">
<Input Name="SolutionName" RecipeArgument="SolutionName"/>
</Action>
</Actions>
The argument captures the current selected [on the application diagram] projectname and the "CreateModelProject" action unfolds the model project template. Pointing to this changed / newly created vstemplate with in the Application Diagram will fire this recipe when using the Implement Application feature.
Next post: Collect data from the Application Diagram.
Service Factory - Modeling Edition CTP (VS2008)
Runtime Binaries are available for download, no source code yet.
System Requirements
To view and run the Service Factory assets in your development environment, you need the following software installed on your computer:
- Windows XP Professional, Windows Server 2003, or Windows Vista operating system
- Microsoft Visual Studio 2008 (Visual Studio Professional Edition or Visual Studio Team Suite)
- Guidance Automation Extensions (July 2007 Community Technology Preview)
In addition to the preceding requirements, if you want to install the Service Factory source code, you also need the following software installed on your computer:
- Visual Studio 2008 SDK 1.0 (includes the Domain-Specific Language (DSL) Toolkit)
- Guidance Automation Toolkit (July 2007 Community Technology Preview)