Skip to main content

skip to main content

developerWorks  >  WebSphere  >

Using a WebSphere DataPower SOA Appliance as an exposed constraints engine

developerWorks
Document options

Document options requiring JavaScript are not displayed

Sample code


Rate this page

Help us improve this content


Level: Intermediate

Daniel Colonnese (codaniel@us.ibm.com), WebSphere Technical Specialist, IBM
Alex Klevitsky (aklevitsky@mib.com), Director of Architecture and Enterprise Software, Medical Information Bureau, Inc.
Usha Manohar (umanohar@mib.com), Systems Architect, Medical Information Bureau, Inc.

09 Jan 2008

This article shows you how to use DataPower as a platform to host reusable business logic, as opposed to its typical use as a middleware and security service. The article describes a constraints engine based on DataPower and ISO Schematron that can be positioned at the enterprise edge to limit liabilities. Readers should be familiar with business rule concepts and service-oriented software design.

Introduction

This article describes a constraints engine based on an IBM® WebSphere® DataPower SOA Appliance (hereafter called DataPower) and ISO Schematron [1] that can be positioned at the enterprise edge to limit liabilities. Readers should be familiar with business rule concepts and service-oriented software design.

Terminology

Business rules are statements that constrain, control, or influence an organization’s actions to achieve its business goals. This article describes a special class of business rules -- enterprise integrity constraints, which ensure the accuracy of enterprise information. While data accuracy is just one of the dimensions of data quality, it is the most obvious one, because if the data is not accurate, its other dimensions are of little importance. Data accuracy and completeness traditionally focus on data in data stores. Other data quality dimensions, such as usefulness and accessibility, focus on users and on how they interpret and use the data [2, 3].

Constraints are subsets of business rules that are defined for various XML vocabularies and can be shared with customers and business partners.

Constraints engine is a term used by vendors of business rules software to refer to a subset of business rules that constrain or restrict the use of a software function. A constraints engine is a subset of a business rules engine. In the context of this article, a constraints engine is a platform to provide reusable business logic to be applied to an XML document. You can use a constraints engine to apply complex logic to an XML document, as opposed to validation (such as XSD validation), which is strictly a check for well-formedness and correctness.

Modern enterprises employ various approaches to enforce business rules and integrity constraints. Our previous article, Patterns for REST Services with DataPower Appliances [4]. introduced DataPower as a Representational State Transfer (REST) Service Gateway, and described the use of ISO Schematron to implement constraints and complex business rules for the Secure-Accelerator Gateway variant. This article describes the role of DataPower as a constraints engine in more detail. Its extensive XML acceleration capabilities make it an ideal candidate for a constraints execution engine in a REST service-oriented environment.

Representation-oriented approach to integrity constraints

The traditional integrity constraints vision varies depending on whether your orientation is data, objects, or business processes:

  • The data-oriented approach advocates representation of integrity constraints in data models. Constraints are applied on the data layer.
  • The object-oriented approach considers constraints as part of the object/class model and is associated with the component’s properties. Constraints are applied in the business logic layer.
  • The business process oriented approach suggests a rules-based system design based on the vision of the enterprise as a composition of rules. This approach mostly deals with decision rules.

What approach is the best fit for REST service-oriented systems? The nature and state of the architecture’s data elements is an important aspect of REST. The key abstraction of information in a REST architecture is a resource which is a conceptual mapping to a set of entities [4]. A REST service is a subset of a REST resource. It may appear at first glance that data accuracy in the REST space should focus on the resource REST data element. However, a resource is simply a source of representations, and a representation embodies the actual state or data of the system at any point. We therefore advocate that data accuracy in the REST space focus on the representation rather than the resource, and suggest a representation-oriented approach to integrity constraints for REST service-oriented systems. This article focuses on the most common representations of a REST service: programmable (de-facto standard is XML) and human readable (de-facto standard is XHTML).In both cases, representation is an XML instance document.

A representation-oriented approach can be viewed as an extension of the object-oriented and data-oriented approaches, and focuses on message definitions and representations rather than objects or data models. Integrity constraints can cross architectural layer boundaries and be applied on presentation, business logic, or data layers. XML data binding frameworks and tools are available for Java™, C++, Microsoft® .NET, Delphi, and JavaScript to create mapping between schema elements and business objects. You can also express XML document structure and content in terms of a data model based on information in the XML schema.

XML Schema provides a standard mechanism to validate structure, data type, key reference, and uniqueness constraints in an XML instance document. But the current version of XML Schema has limitations. Cross-field, complex data types, and rules with respect to external data require a different solution.

Keep it simple: Schematron

A combination of XML Schema and Schematron, a language for rule-based validations, provides a comprehensive solution for validating XML instance documents.

Schematron is an XML structure validation language for making assertions about the presence or absence of patterns in trees, and it relies on query languages (normally XPATH) to express its rules. Schematron provides solutions for cross-field, cardinality, and algorithmic constraints that are not supported by the current version of XML Schema. You can define the constraints externally in a Schematron file or embed them in the W3C Schema. At run time, they are applied against the XML instance documents and therefore to resource representations, supporting the proposed representation-oriented approach.

Schematron is based on architecture of participation principles, and most of its implementations are open-source. A validation/rules engine based on Schematron is powered simply by an XSLT processor. Constraints are completely separate from the execution engine. The language became an ISO Standard in 2006 (ISO/IEC 19757-3 – DSDL). The Schematron XML Schema defines a rules template and enforces the rules syntax.

The process sequence when the Schematron rules are embedded in a W3C schema is shown in Figure 1 and conveys the simplicity of Schematron:


Figure 1
Figure 1

It is usually desirable for enterprises to define a generic set of abstract atomic constraints to be reused to produce compound (derivative) business constraints. Schematron supports this reuse through abstract rules and patterns. Progressive constraining or validation in stages can be achieved through the Schematron <phase> element. Additionally, Schematron has a powerful reporting capability in the form of the Schematron Validation Report Language (SVRL), which is specified as part of ISO Schematron. Enterprise constraints described in terms of Schematron rules can be easily exposed as REST services, providing both programmable and human-readable representations.

Samples using Schematron

Listing 1 shows a sample schema to which the following rules are applied

  1. Person First Name and last name must be less than 30 characters long.
  2. Person First Name and last name must be alphanumeric but cannot start with a number.
  3. Person Tax id must be a number of length 9.
  4. If country is US, then zip code must be present, otherwise the postal code must be present.
  5. State and country must be validated against a list.

The complete solution using schematron rules is given in the downloadable Schematron Rules Sample below.


Listing 1. PersonSample schema
	<xs:schema>
	<xs:element name="PersonSample">
	<xs:complexType>
	<xs:sequence>
<xs:element ref="person" maxOccurs="10"/>
</xs:sequence>
</xs:complexType>
</xs:element>
	<xs:element name="person">
	<xs:complexType>
	<xs:sequence>
<xs:element ref="firstName"/>
<xs:element ref="lastName"/>
<xs:element ref="address" maxOccurs="5"/>
<xs:element ref="taxId"/>
</xs:sequence>
</xs:complexType>
</xs:element>
	<xs:element name="address">
	<xs:complexType>
	<xs:sequence>
	<xs:element ref="street">
	<xs:annotation>
	<xs:appinfo>
	<iso:pattern id="streetValidate">
	<iso:rule context="PersonSample/person/address/street">
<iso:assert test="string-length(normalize-space(.)) 
	<30">Street address must be less than 30 characters</iso:assert>
</iso:rule>
</iso:pattern>
</xs:appinfo>
</xs:annotation>
</xs:element>
<xs:element ref="city" minOccurs="0"/>
. . . 
	<xs:choice minOccurs="0">
<xs:element ref="zipCode"/>
<xs:element ref="postalCode"/>
</xs:choice>
<xs:element ref="state" minOccurs="0"/>
<xs:element ref="country"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="zipCode" type="xs:token"/>
<xs:element name="postalCode" type="xs:token"/>
<xs:element name="taxId" type="xs:token"/>
<xs:element name="street" type="xs:token"/>
<xs:element name="state" type="xs:token"/>
<xs:element name="lastName" type="xs:token"/>
<xs:element name="firstName" type="xs:token"/>
<xs:element name="city" type="xs:token"/>
<xs:element name="country" type="xs:token"/>
</xs:schema>

In Listing 2, an abstract rule named validCharacters is extended by the first name and last name constraints. (DataPower currently does not fully support XSLT2.0 and XPATH2.0.)


Listing 2. Abstract rule
<!-- ABSTRACT RULE FOR VALID CHARACTERS -->
	<!-- Can contain only alphanumeric and can only start with an alphabet  -->
	<iso:rule abstract="true" id="validCharacters">
		<iso:assert test="not(normalize-space(translate(.,' 
ABCDEFGHIJKLMNOPQRSTUVWXYZ
	abcdefghijklmnopqrstuvwxyz0123456789','*                                                              
|-------- XML error:  The previous line is longer than the max of 90 characters ---------|
')))" diagnostics="d1">Only alphanumeric characters are allowed. </iso:assert>
		<iso:assert test="normalize-space(translate(substring(.,1,1),' 0123456789','*
'))" diagnostics="d1">First character must be alphabet. </iso:assert>

	</iso:rule> 
   
	<!-- person constraints -->
	<iso:pattern name="person validation" id="personValidate">
	
		<!-- First Name constraints -->
		<iso:rule context="/PersonSample/person/firstName">		
			<iso:extends rule="validCharacters"/> 
			<iso:assert test="string-length(normalize-space(.)) &lt; 30 and string-
length(normalize-space(.)) &gt; 0" diagnostics="d1">The person first-name is required 
and must be less than 30 characters</iso:assert>
		</iso:rule>
		
		<!-- Last Name constraints -->
		<iso:rule context="/PersonSample/person/lastName">		
			<iso:extends rule="validCharacters"/> 
			<iso:assert test="string-length(normalize-space(.)) &lt; 30 and string-
length(normalize-space(.)) &gt; 0" diagnostics="d1">The person last-name is required 
and must be less than 30 characters</iso:assert>
		</iso:rule>

DataPower can be a constraints engine platform

With DataPower as a proxy processor, requests and response messages can be validated at the enterprise edge. Invalid data can be filtered out at the edge to limit legal liabilities. Validation also improves the efficiency of back-end processes, since they only process requests containing valid data. Responses returned to users can also be verified to enforce enterprise rules and standards as well as service level agreements. Finally, you can use DataPower as a co-processor to constrain enterprise data on other architectural layers.

It is desirable to use a common industry-standard XML vocabulary if one exists, such as ACORD for insurance, SWIFT for finance, and HIPAA for healthcare. Such vocabularies deliver the consumability quality for REST services in the Web 2.0 space, and encourage interoperability of enterprise services. It is common, however, to define an internal enterprise XML vocabulary for variety of reasons, including independence from external standard body decisions, and expression of specific enterprise business rules and policies. You can repurpose Schematron-based constraints to support either industry-based or internal XML vocabularies, which means that you can expose constraints to customers and business partners, thus enabling them to integrate the enterprise constraints into their workflows. Business partners can incorporate Schematron fragments from other enterprises into their rules if ISO Schematron is chosen as the standard for defining business rules and constraints for the particular industry.

Figure 2 shows a policy in which Schematron validation rules are used on DataPower:


Figure 2. Configure XML firewall policy
Figure 2. Configure XML firewall policy

Constraints are applied to a Person instance document (see code in the downloadable Schematron Rules Sample below). The validation rules shown in the Transform Action (person_validation_XSLT1.xsl) are the result of the SVRL and pre-processing rules applied to the pre-processed file (defined as steps 1 and 2 of Figure 1 above). The validation rules can be generated on DataPower, but since this alters only when the Schematron rules change, it can be separated from transaction processing. These rules are applied to the instance document in the first transform action, which generates an SVRL report. The second transform action shown in Figure 2 checks the results of the validation and rejects the requests that have failed the validation.

Conclusion

The WebSphere DataPower SOA Appliance is a powerful engine for Schematron-based constraints implementation in both proxy and co-processor modes. A Schematron-based implementation for a representation-oriented approach complements other features readily available on DataPower, including XML schema compliance enforcement and XML threat protection.

You can integrate Schematron rules with DataPower extension functions and apply them as a filter action. Additionally, you can expose Schematron rules to customers and business partners with DataPower.

Footnotes

  1. ISO Schematron: A language for making assertions about patterns found in XML documents.

  2. Toward Quality Data. An Attribute-based Approach, Richard Y. Wang, et al. Decision Support Systems, 13, 1995.

  3. Data Warehouse Quality: A Review of the DWQ Project, Matthias Jarke, Yannis Vassiliou. Proceedings of the 2nd Conference on Information Quality, MIT, Cambridge, MA, 1997.

  4. Patterns for REST Services with SOA DataPower Appliances, Daniel Colonnese, Alex Klevitsky. 2007.

  5. Architectural Styles and the Design of Network-based Software Architecture, Roy Fielding. PhD Dissertation, 2000.




Back to top


Download

DescriptionNameSizeDownload method
Code sampleSamples_Using_Schematron.zip345 KBHTTP
Information about download methods


Resources



About the authors

Daniel Colonnese is a WebSphere specialist who focuses on helping insurance and financial services clients design and build service-based applications.


Alex Klevitsky is the Director of Architecture and Enterprise Software at MIB, Inc. He has over twenty years experience in design, development and implementation of business and engineering applications, as well as software tools


Usha Manohar is a Systems Architect at Medical Information Bureau, Inc., in Westwood, MA. You can contact Usha at umanohar@mib.com.




Rate this page


Please take a moment to complete this form to help us better serve you.



YesNoDon't know
 


 


12345
Not
useful		Extremely
useful
 


Back to top