CSE 300 Service-oriented architectures SOA and their application

CSE 300 Service-oriented architectures (SOA) and their application and usage in healthcare Herak Sen CSE 300: Topics in Biomedical Informatics herak. sen@engr. uconn. edu Computer Science & Engineering Department The University of Connecticut 371 Fairfield Road, Box U-255 Storrs, CT 06269 -2155 1

Outline CSE 300 m m m Introduction and Motivation Role of SOA Background on SOA in healthcare: m Connected Health Framework – Microsoft m Health Research Data Network (HRDN) m Modeling Medical e-services m Mobile Bottlenecks 2

Introduction and Motivation (Complexity) CSE 300 m Operate in different environment m Entity focused i. e. built specifically for providers, patient , insurance companies etc m Minimum information sharing m Hardly any interaction m Complicated business, legal and ethical rules 3

Introduction and Motivation (Outcome) m CSE 300 m Patient suffers m Repeats information to different kinds of entity m No simple way to find information in times of emergency Quality m 8 th leading cause of death in US in medical errors m Duplicate patient information may be lead to repeated testing due to conflicts m 1/3 spending on healthcare goes to fix the duplication m $2. 7 trillion estimated expenditure by 2010 but not number 1 in health care services 4

Introduction and Motivation (Solutions) m CSE 300 Technology m Give the entities especially patients to choose health services m Adoption of connected computer systems could reduce error and money m Internet can be used to deliver health information quickly m Standardize health data exchange m Use the current systems instead of making new ones Create a non-proprietary “network of networks” that will support rapid health information flow 5

Role of SOA m Significant work in independent healthcare area m PHR m EMR m Medication Management tool m Chronic disease management tools m Need to connect various systems m Service Oriented Architecture m Provides ways to connect disparate systems m Connect at edge of one system CSE 300 6

Role of SOA (healthcare) m CSE 300 m m Common Framework of standards at National Level m Data Exchange m Security and Authorization m Data Integrity All built as services Using such services to integrate various existing systems m No redesigning of existing systems m Secure integration without jeopardizing patients and providers confidential data 7

CSE 300 Service Oriented Architecture 8

Service Oriented Architecture m CSE 300 Definition m The policies, practices, frameworks that enable application functionality to be provided and consumed as sets of services published at a granularity relevant to the service consumer. m Services can published, discovered and invoked m Abstracted away from the implementation using standards-based form of interfaces. One can think “functions” in a program as services 1. Hides the implementation 2. Discoverable by the library it belongs 3. Can be invoked to get results 4. Publishable through a library 9

SOA Motivation CSE 300 m m m Present systems are across different architectures networks and even between organizations Challenge is to find extendible, flexible that fits into legacy systems Need to adapt to changing business models without effecting other parts of systems Integration Provide existing business functionalities as services that can be reused 10

SOA Examples CSE 300 m m m Yahoo q Flickr q Travel Google q SOAP search API Amazon q Amazon Associates Web Service exposes Amazon's product data and e-commerce functionality q Amazon Dev. Pay is a simple-to-use billing and account management service 11

SOA Components CSE 300 m m m Services m The contract defined between one or more “published” interfaces exposing well-defined functionalities Interfaces m Defining services , like header files in C++ m Contracts Published Services m Published services are exposed through network m Public services are exposed within a system 12

SOA Components CSE 300 m Service provider m The software entity that implements a service specification m Services are just interfaces m Provider provides implementation m There can be many implementations m Its up to the client to select the service provider 13

SOA Components CSE 300 m Clients m The software entity that requests the services m Clients can be an end user application or another service m Typically they would choose a particular provider and call the appropriate service 14

SOA Components CSE 300 m Service locator m A specific kind of service provider m Acts as a registry and allows for the lookup of service provider interfaces and service locations m Identifiers are used to used for clients to discover the services m Service must be dynamically discovered and therefore their location should not be hard coded 15

SOA Components CSE 300 m Service broker m A special service provider that can pass on service requests to one or more additional service providers Components of SOA 16

SOA Management CSE 300 m m m Security q Authorize requests, encrypt and decrypt data as required, and validate information. Deployment q Allow the service to be moved around the network to maximize performance or eliminate redundancy to provide optimum availability. Logging q Provide auditing and metering capabilities. Dynamic rerouting q Provide fail-over or load-balancing capabilities. Maintenance q Manage new versions of the service. 17

CSE 300 Web Services 18

Web Services CSE 300 m SOA can be implemented in many ways with web services as the most popular m Definition by The Web Services Architecture Working Group m “A Web service is a software system identified by a URI, whose public interfaces and bindings are defined and described using XML. Its definition can be discovered by other software systems. These systems may then interact with the Web service in a manner prescribed by its definition, using XML based messages conveyed by Internet protocols ” 19

Web Service components CSE 300 m m Service q Defined using XML based language called Web Service Descriptor Language (WSDL). q Contains operation performed, data types used and communication protocol used Simple Object Access Protocol (SOAP) q Lightweight XML based protocol. q Platform independent q No drawbacks of RPC like security, compatibility and blocking by firewalls and proxy servers q Web service may also use other transport protocol such as HTTP, MIME, SSL, SMTP etc 20

Web Service components CSE 300 m Universal Description, Discovery and Integration (UDDI) q Web service that manages information about service providers, implementations and metadata. q Service providers can advertise their web services through UDDI q Defined in XML 21

Web Service components CSE 300 SOAP, HTTP, SSL etc WSDL UDDI 22

Web Service Performance and Reliability CSE 300 m m Questions? m Can we depend on network m Is it slow m Enterprise system support Answer – Distributed Architecture solutions m Internal services may use RPC m Load balancing software m Fault tolerant clusters m Wide area load distribution m Replica Management m WS- Transactions 23

Web Service Performance and Reliability CSE 300 m Scalability m Asynchronous callbacks to reduce transport layer overhead m Queues- Component that just listens to the requests 24

Web Service Security CSE 300 m m SOAP and XML are text based WS- Security m Integrating security with SOAP m Provides message integrity using XML signatures m Associates security tokens with messages for confidentiality m Support multiple security tokens format such as Username, X. 509, SAML, REL Kerberos etc 25

Web Service Security considerations m CSE 300 m m m m Message VS Transport layer security Client authentication VS Sophisticated brokered solutions, including X. 509, Kerberos protocol Protecting confidentiality of messages. Detecting tampered messages. Preventing the processing of replayed messages. Accessing remote resources and flowing identity across tiers. Preventing exceptions from revealing sensitive implementation details. Protecting Web services from malformed or malicious messages. 26

CSE 300 SOA in Healthcare 27

Connected Health CSE 300 m m Connecting for health m A private public collaborative organization that studies various fields of health information technology Features m Safeguards privacy m Decentralized m Federated m Network of networks built on Internet m No central repository (e. g. patient medical records) m Exchange with authorization 28

Connected Health CSE 300 m m Common Framework m Ensures interoperability m Secure transport in internet m Reliable authentication m Network software m Common policies m Methodologies m Documents m Use proven data standards Private-public fund 29

Connected Health CSE 300 m Conclusions m Cannot be centralized m Standards and common framework allows easy interoperability Service Oriented Architecture fits in this paradigm 30

CSE 300 Connected Health Framework. Microsoft 31

Connected Health Framework-Microsoft CSE 300 m m m m Architectural approach following the “Connecting for health” guidelines Information system with common definitions both at technical and business level Patient as the main entity Lack of integration services between organization results in inefficiency No national health ID Systems should link at the edges using authorization Federated based on data standards, interoperable, protects patient’s privacy and is built incrementally 32

Connected Health Framework-Microsoft CSE 300 m m Architectural Description Service oriented m Modular approach m Reduces dependencies between systems m Use open standards and protocols m Interoperable Federated data m Data should reside as close as possible to where it‘s created and administered m Caching at various level (departmental, regional, national) 33

Connected Health Framework-Microsoft CSE 300 m m Federated security m Easier management of identities m Delegating aspects of authentication m Delegating role assignments Trustworthiness m Reliable m Fault tolerant 34

Connected Health Framework-Microsoft CSE 300 Business Pattern for Healthcare 35

Connected Health Framework-Microsoft CSE 300 Architecture 36

Connected Health Framework-Microsoft CSE 300 Alignment of Business and Technical Architectures 37

Connected Health Framework-Microsoft CSE 300 m Advantages m High level architectural m Applicable to various medical domain m Tries to separate stable and volatile processes m Very modular m Provides good integration Based on Service Oriented Architecture 38

CSE 300 Health Research Data Network (HRDN) 39

Health Research Data Network (HRDN) CSE 300 m m “Collection of software services, connected via high bandwidth communication infrastructure and standardized interfaces, enabling use participating data collection by authorized participants. ” Motivation m Health Researchers constantly need data or their research and experiments m The data sets though exist but are difficult to acquire due to their sensitive nature m Data custodian organizations keep such data though there are ethical and legislative requirements for accessing those for research purpose 40

Health Research Data Network (HRDN) CSE 300 m Goal m Minimize the time for researchers to access the data m Access without violating various requirements m Organizational Requirement m Ethical Requirement m Legislative Requirement m Support collaboration and re-use of knowledge among the HRDN participants 41

Health Research Data Network (HRDN) CSE 300 Abstract HRDN Architecture 42

Health Research Data Network (HRDN) CSE 300 m m Preparing m Collection of data by data custodians m Does not dictate how to collect data. Storing m Adding software and standards around data held by data custodians m HRDN does not force data custodian how to store data. m It provides services to access data from data custodian’s legacy system 43

Health Research Data Network (HRDN) CSE 300 Sharing Allows resources to be discovered and also access to multiple data sources and other services m Data Services m Accepts a request for data as query and returns requested data as messages. m Response may also contain some metadata such as timestamp and volume summary m May invoke security, auditing and logging services 44

Health Research Data Network (HRDN) CSE 300 m m m Sharing Orchestration Services m Responsible for invocation of network resources. m It takes a series of scenarios or a workflow that involves invocation of various resources Planner and Transformation services m Responsible for transformation of data as per various schemas Cache Manager m Responsible for the persistent and safe data storage m It receives requests from clients for standard data creation, updating, deletion and retrieval 45

Health Research Data Network (HRDN) CSE 300 Using: These services provide the final response to the clients. Services m Analytical Information Management service m checks whether the given data fits for the request. Generates metadata relating to the quality of fitness. m Exploratory Data Analysis service provides various statistical summaries and graphical forms. m Surveillance Analysis service provides some specialist analysis functions appropriate for health surveillance. m Statistical Model Building service provides statistical and decision making services. 46

Health Research Data Network (HRDN) CSE 300 m Describing: m These services provide metadata management, such as in sharing layer the metadata can be the track of information flow or in the preparing and storing layer metadata such as who created and stored the data, time etc can be stored. 47

Health Research Data Network (HRDN) CSE 300 m Protecting : m Member Registration Services provides mean to authenticate users using membership definitions policy etc and responds with security token. m Security Token Services generated security tokens and may form input for other services m Session Initiator that allows user to log on m Agreement Facilitator that validates whether request matches the custodian requirements etc are part of this layer 48

Health Research Data Network (HRDN) CSE 300 HRDN Services 49

CSE 300 Modeling Medical e-services 50

Modeling Medical e-services CSE 300 m m m Defines requirements of a Web service based middleware for the execution of medical e-services Enable building integrated medical applications for Internet-based workflow execution. The workflows and business logic can be spread across various organizations. Web services provides a feasible way to model, design and implement workflows. Example of medical information systems, the HIS (Hospital Information System), the RIS (Radiology Information System) and the PACS (Picture Achieving and Communication system) 51

Modeling Medical e-services CSE 300 m m IHE - Integrating the Healthcare Enterprise m Provides framework for integration m Cardiology, Eye Care, IT Infrastructure etc Integration based in IHE done using traditional workflow in Intranet based environment Workflows can span across organizational boundaries Web service based workflow model that implements IHE conformant transactions to provide medical eservices functionality in a mixed Intra- net/Internet environment 52

Modeling Medical e-services-Requirements CSE 300 m HL 7 and DICOM (Digital Imaging and Communications in Medicine) encoding m Attach the original messages to SOAP messages. m WS-Attachments, SOAP Messages with Attachments m More recently, the it supports base 64 binary encoding of data and is currently evolving as the standard mechanism for transferring binary data as it doesn’t require additional protocol parsers 53

Modeling Medical e-services-Requirements CSE 300 m Modeling workflows m BPEL (Business Process Execution Language) m WS-BPEL supports business transaction and defines an interoperable integration model that should facilitate the expansion of automated process integration in intra corporate or B 2 B. 54

Modeling Medical e-services-Requirements CSE 300 m m m Web Service Transactions m Application must take care of transaction. m WS-Transaction provides a standard for web service transaction Web service security m WS- security provides many of securing web services m WS-Trust and WS- Secure. Conversation can also be used Web service registration and binding m UDDI – Registry of medical services 55

CSE 300 Mobile Healthcare Information Support 56

Mobile Healthcare Information Support CSE 300 m m Wireless devices can provide point of care access to various health related information Can build real time care process Researchers are trying to integrate Health Information Systems with both wired and wireless network Ultimately provide faster access to data 57

Mobile Healthcare Information Support CSE 300 m m m Different from Desktop m Processor power m Bandwidth m Display Existing web content suits desktops on wired network There is need to adapt content to meet the constraints mentioned above in small mobile devices 58

Mobile Healthcare Information Support CSE 300 m Solution m Provide health care information on both wired and wireless network m Reconfigure web contents according the mobile devices Architecture 59

Mobile Healthcare Information Support CSE 300 m m Web service are published Medical information accessed through web service Desktop application call the web service to display the information Mobile context server accesses information through web service and applies context to the contents by using styles, an attribute override, and templates according to the resources of a given mobile device. 60

CSE 300 Bottlenecks 61

Bottlenecks CSE 300 m m SOA requires expertise in designing m Healthcare domain in very complex m Architects must spend significant amount in designing the framework of reusable services m Both public-private organizations must work together Standards m Medical data standards are emerging m Need to determine whether they are sufficient m Interoperable 62

Bottlenecks CSE 300 m m Service discovery m Services can be quite complex m Requires considerable human expertise to select the correct service m Services must be well described Not well defined health areas m Dosing depends on not very well formed parameters m Need for researchers in both medicine and SOA to indentify such areas and find ways of constructing services 63

Bottlenecks CSE 300 m m Real Time m SOA is distributed m Skeptical about SOA in emergency situations m Services must be well described Promote m Motivate health organization for integrating their health services m Reluctant sharing information m Commercial services can be profitable 64

CSE 300 Thank You 65