by Christoph Schittko, Darryl Hogan, and Jon Box
Summary: What sets a vehicle apart from a hunk of metal and four wheels? It's all about features. Manufacturers are constantly adding newer media devices, more powerful motors, and softer seats, all in the name of improving the driver's experience. Yet with all these improvements, auto manufacturers have barely scratched the surface of what the software and service advances of recent years make possible.
There has been a lot of talk about services in the cloud and about applications built by consuming such services. Despite this, many reference architectures and papers that set out to demonstrate patterns for designing these systems have taken an idealistic approach, frequently citing simple examples or scenarios that are not pragmatic. This paper defines a practical solution architecture based on a scenario one might encounter in everyday life. We intend to inspire architects to use the same approach to define innovative solutions for the problems they face.
The solution architecture defined here is a combination of real platform services that exist today and fabricated services that help round out the solution. This solution will demonstrate the application of Software + Services (S+S) to mobile application architecture as a means to extend the digital lifestyle beyond the desktop. Security, privacy, and data architecture will be addressed broadly.
Scenario
Solution Architecture
Value Add Services
Services Technology Platform
Mobile Client Technology Platform
Client Application
Service Delivery Patterns
Security, Identity and the Client
Authentication and Authorization
Multitenant Data Architecture
Conclusion
About the Authors
Scenario

The Woodson family has just purchased a new car with a mobile computer on board. This PC serves as their guidance and entertainment system, but also comes preloaded with several productivity applications, such as travel planning, reminders, and a list manager. The software loaded on the Auto PC not only performs processing locally on the device, but also leverages services in the cloud to enhance the capabilities of the device and to ensure that the information presented by the software is up-to-date.
The Woodsons have decided to take their new car on the upcoming family road trip. Mary Woodson is not only the mom; she is the family event coordinator. Mary sits down at the family computer to plan their adventure using a Web-based version of the trip planning application shipped with their in-car computer. Mary plans the route they will drive and makes reservations for hotel and restaurant stops along the way. Mary unwittingly uses a mashup consisting of a number of services running in the cloud. All the information pertinent to the trip is stored remotely in an Internet-based location which is accessible only by Mary and her designates.
When the time comes to confirm the hotel reservations and pay for attraction tickets, Mary hesitates when she's asked for her credit card information. She's heard that entering your credit card information on a Web site can potentially lead to identity theft. She's soon relieved to discover that she can create and use a digital information card managed by her bank to present payment information to the various vendors. This option provides a measure of safety over presenting her credit card information over the Internet to each of these vendors individually. She can select the appropriate card right from her desktop as a source of payment information, allowing her bank to pass her secured credit card information to the necessary vendors without transmitting sensitive information from her PC.
The trip starts uneventfully. The kids have chosen to take only a few of their own DVDs along for the trip. If they decide on a whim that they'd like to see something different, they can always download a movie to the car. For Dad, his smartphone connects itself to the car via Bluetooth and his calls, text messages, and email are now directed to the vehicle's computer rather than his phone. An incoming text message from the home security system indicates that one of the motion detectors has picked up movement in the backyard. Dad places a call to Bob Thomas next door, who checks the situation to find it was only one of the neighborhood kids chasing a stray ball.
A few hours into the journey the engine light comes on. Data is immediately sent to a diagnostic service provided by the vehicle manufacturer. The service finds a warranty issue that needs to be tended to and returns a message to the on-board PC with a simple diagnostic report and the name and location of the dealer nearest the car's current location. Mom clicks on the dealer's address to get turn-by-turn directions and the family heads for the detour. The family uses the search functionality on the car's computer console to find a restaurant near the dealer for a quick snack. (Figure 1 illustrates this engine light scenario.)
After servicing their car they are back on their way, three hours behind schedule. Mom pulls up the travel itinerary she created at home. The dinner reservation at the restaurant in the next town needs to be cancelled and new dinner plans need to be made. Mom orders pizza online to be picked up at a nearby pizzeria and pays for it once again using her banking information card. After a great meal they all look forward to a memorable trip.
Figure 1. The Auto PC offers applications to manage the vehicle and travel
Solution Architecture

As you can imagine from the scenario, the solution brings together services from numerous providers and applications that consume these services. The consuming applications could be application containers following the composite User Interface (UI) pattern, which allows dynamic provisioning of new services, or special-purpose custom applications delivered as client applications. The general approach follows the S+S paradigm to provide a simple yet rich and intuitive user experience across devices and audiences. The combination of client software and remote services is particularly important in this mobile scenario because the locally running software can improve the user experience by masking the high latency of over-the-air service invocations or the temporary network connection problems that are common even on modern wireless wide area networks.
The services fall into three general categories (Table 1):
These service categories refine the more generic service taxonomy for Windows Live services listed at: http://www.microsoft.com/online/default.mspx
| Connected Consumer Experience Service | Windows Live Service Category |
| Common Platform Services | Building Block Service |
| Manufacturer Services | Attached Service |
| Value Add Services | Finished Service or Attached Service |
Table 1. Connected Consumer service categories and their relationship to the Windows Live service taxonomy
The solution requires an environment where Internet access is widely available, but not necessarily ubiquitous. Ideally, the car has the means to connect to the Internet without additional devices; for example, it does not require a cradled cell phone to enable network access to services provided by the car. Network access to the car enables application scenarios such as remote start, remote diagnostics, and notifications of events in the car.
Some applications that benefit from location information may not need the context provided by vehicle-specific data. Such applications could also run on commodity devices, such as GPS-enabled smartphones and personal digital assistants, because there is no dependency on the vehicle-specific data. These devices are often equipped with modern platforms like the .NET Compact Framework and can access SOAP-based Web services just like a server or a desktop computer. Visual Studio 2008 and .NET Compact Framework 3.5 add support for consuming WCF and WS-* based Web services, including WS-Addressing and message-level security based on WS-Security.
Value Add Services

In our scenario, the Woodson family touches many different types of software and services. For instance, the vehicle manufacturer provided a service to analyze vehicle diagnostic data and to notify the vehicle owner of a problem along with information on where to get the problem fixed. The trip planning service stored their travel itinerary and made it accessible from the Internet. These are value-added services, which can be more completely described as services that provide a unique experience to the consumer. They differ from common platform services in that they are not considered general purpose or widely available. Instead, they are most likely developed to establish a competitive advantage and perhaps to extend the usefulness of another product.
In many cases, these services may be composites of custom code and one or more core platform services, allowing the service provider to make available features where they lack domain-specific knowledge. An example of a composite application would be a dealer locator service (Figure 2). An automotive manufacturer may know the location of their dealerships, but it is unlikely that they would have the data necessary to provide navigational guidance to the dealer from a specific location. The manufacturer would most likely rely on services provided by Windows Live Maps or Mapquest.
Figure 2. The RescueMe composite service aggregates car manufacturer and third-party services
In and of themselves, value-add services would not be considered finished products. These services are domain-specific building blocks used to build complete applications. We can say that these services provide the features used to create a more complex and complete piece of software.
The most flexibility is gained using a deployment model that consists solely of services running in the cloud, because changes only require updates to the servers hosting the services, not to each car that consumes the service. These services are typically HTTP-based services that can be invoked by a client, either an application or another service. The benefit of this approach is that all the executing software is centrally deployed to a data center, making it easier to manage. The drawback is that the service consumer must have a connection available to make use of the service (Figure 3).
Figure 3. The most flexible architecture consumes only remote services
Although it is possible to run the complete solution on the client, this pattern constitutes a closed environment where access to more relevant and up-to-date data is not possible, making the solution less useful. This is the blueprint that exists today for many mobile computing systems, especially those based in automobiles. The upgrade path for these devices is non-existent and the limited functionality they provide is of minimal benefit to the owner of the device (Figure 4).
Figure 4. The least flexible architecture consumes only local services offered by the vehicle
A preferable pattern for a mobile computing solution takes advantage of the ability to access software and data stored on the local device. In this case we can deploy the value-add logic to the device and make enough data available to the application that the application would be useful even when the connection is unavailable. This model decentralizes a great deal of integration and control logic and introduces maintenance and bug fix challenges, but the improvement in the user's experience will likely make the pains worthwhile (Figure 5).
Figure 5. The Software+Services architecture combines benefits of local and remote services
Services Technology Platform

The Internet is at the beginning of its transformation to become a platform for services in the cloud: Platforms such as Windows Live provide basic APIs for presence, alerting, contact, and calendar management, as well as Virtual Earth maps and driving directions; as another example, BizTalk Services will offer a pub-sub platform and message routing and delivery. These are all key ingredients for rich, robust connected applications, but current feature sets and SLAs reflect that these services are still early in their life cycle.
Future services could extend presence settings with a "driving in the car" setting that always allows traffic alerts and some alerts that the driver configured; the alert API could add "car" in addition to "IM application," "email," and "SMS" to the list of notification endpoints.
Mobile Client Technology Platform

There are several platforms to choose from when it comes to realizing the connected consumer experience, and there are trade-offs between the platforms. The priorities and constraints dictated by the actual solution have to drive the platform selection. In general, Windows Vista Embedded enables the richest experience through the feature set of the operating system and the full .NET Framework, but it's also the platform with the largest footprint, the most demanding processor requirements, and the highest licensing cost. Windows CE provides a lower cost alternative with lower hardware requirements and more options to customize the operating system, but fewer capabilities. A Windows CE-based platform should include the .NET Compact Framework to take advantage of the productivity benefits of managed code development and base class libraries. Finally, Windows Mobile provides a constantly improving, richer experience. Platform services are provided through the .NET Compact Framework, providing a programming model consistent with the skills of a broad set of developers. Table 2 lists the strengths and limitations of each platform for mobile application development.
| | Windows Embedded, .NET Framework | Windows CE, .NET Compact Framework | Windows Mobile, .NET Compact Framework 2.0 (3.5) |
| Target Scenario | Rich in-vehicle scenario; UMPC | Low-fidelity in-vehicle scenario | Consumer device |
| UX | Full WPF feature set | Windows Forms; Silverlight in the future; touch | Windows Forms; Silverlight in the future; touch |
| Communication | WCF: SOAP, REST and JSON | WS-I SOAP Web services; WCF client (3.5) | WS-I SOAP Web services; WCF client (3.5) |
| Interaction | Speech with Vista or third-party add-on; touch | Speech via third-party add-on; touch if the hardware supports it | Speech via third-party add-on; touch on Pocket PC devices |
| Authentication | CardSpace | Username | Certificates |
| Data Storage | Full access to local storage devices and a variety of databases | Local file system; optional SQL CE | Local file system; SQL CE |
| Development Tools | Visual Studio | Visual Studio | Visual Studio |
| Car Integration | Yes, via serial or custom ports | Yes, via serial or custom ports | No |
Table 2. Client platform decision points
Client Application

Several options for interacting with computing systems are available to us today. Rich client applications realize the greatest benefits from consuming services because they can take advantage of local data storage mechanisms and computing power that are not available through Web-based delivery mechanisms. Web applications have the benefit of being centrally hosted and managed but, being connection-dependent, cannot fully realize the connected consumer experience. A rich client application, in addition to providing the most comprehensive user experience, is more readily able to take advantage of services that might only be available locally. It is more practical to consume and evaluate vehicle performance data locally in the vehicle rather than passing the data into the cloud for further processing. We also avoid the privacy and security exposure that comes with transmitting data from the car to remote services when the data never leaves the vehicle.
Lastly, a rich client application can handle identity and session state more easily than a Web-based application. Information cards can be stored locally on the device and used to establish identity with a service or another application, provided the local card store itself is protected against extraction from the device.
Service Delivery Patterns

We can expect that Internet connectivity is widely available to our solution, but we cannot make the assumption that connectivity is ubiquitous. Each service delivery pattern has different strengths in terms of latency, flexibility, and functionality (Table 3). A rich client allows us to adopt a set of design patterns that allow us not only to account for those times when we are disconnected from the network, but also to use the additional capabilities of the client to enhance the user experience.
| Pattern | Latency | Flexibility | Functionality |
| Thin service consumer | High | High | Medium |
| Richer client | Medium | Medium | Medium |
| Smart client | Low | Low | High |
Table 3. Comparison of client architectures
Many rich applications built these days are only shells providing input and output for a set of services living behind the user interface. In this pattern, the client is highly reliant on connectivity to provide any kind of useful interaction for the end user. This client may have simple caching to deal with network latency or conditions where the network is simply not available, but it does not extend its usefulness beyond what is available through the services it consumes.
We can extend this pattern to create a second, more useful pattern in which the client remains a dependent service consumer, but the computing infrastructure is extended to the client. In other words, we take advantage of the application's ability to perform processing tasks in the vehicle, thereby relieving the services of some of the processing burden. A typical result in this case is a more responsive, albeit still underachieving, application.
Short of downloading all functionality to the client device, we can implement a pattern in which services become simple data providers and consumers. The logic for how we use the data is embedded in the client, and the client becomes the focal point of the user's experience. This pattern allows us to deal with latency caused by slow or non-existent network connections, as well as to present the user an experience resembling her home PC. One issue related to this pattern is upgradeability. Because the application is deployed to the client device, it becomes more difficult to add functionality or to upgrade existing functionality. Mechanisms such as the .NET Framework's ClickOnce deployment model and the adoption of composite UI application patterns help overcome this challenge. New services can be readily upgraded and added, as is the case with any Web service.
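The smart-client pattern described in the last three paragraphs, as an added example that is not part of the original article: the client holds a local copy of the itinerary, serves it (marked as cached or stale) when the connection is gone, applies a cancellation locally right away, and replays queued writes in order once the service is reachable again. The in-memory stand-in for the cloud service, the staleness window and the reservation identifiers are assumptions of this example.

```python
"""Smart client: local logic and data, the service reduced to a data provider.
Added example; FlakyItineraryService stands in for the remote service."""
import time


class FlakyItineraryService:
    """Constructed stand-in for the cloud itinerary service; can be taken 'offline'."""

    def __init__(self):
        self.stops = {"RES-4410": "Riverside Bistro 19:00"}  # constructed sample data
        self.online = True

    def get_stops(self):
        if not self.online:
            raise ConnectionError("no coverage")
        return dict(self.stops)

    def cancel(self, res_id):
        if not self.online:
            raise ConnectionError("no coverage")
        self.stops.pop(res_id, None)


class SmartClient:
    def __init__(self, service, max_age_s=600, clock=time.time):
        self.service, self.max_age_s, self.clock = service, max_age_s, clock
        self.cache, self.cached_at = None, None
        self.pending = []  # writes made while offline, replayed in order on reconnect

    def itinerary(self):
        """Replay queued writes and refresh; on failure serve the local copy and say how old it is."""
        try:
            self.flush()
            self.cache, self.cached_at = self.service.get_stops(), self.clock()
            return dict(self.cache), "fresh"
        except ConnectionError:
            if self.cache is None:
                raise  # nothing local to fall back on
            queued = {res_id for _, res_id in self.pending}
            view = {k: v for k, v in self.cache.items() if k not in queued}  # hide stops cancelled offline
            age = self.clock() - self.cached_at
            return view, "stale" if age > self.max_age_s else "cached"

    def cancel(self, res_id):
        """Send immediately if possible; otherwise queue so the user's action is not lost."""
        try:
            self.service.cancel(res_id)
            if self.cache:
                self.cache.pop(res_id, None)
            return "sent"
        except ConnectionError:
            self.pending.append(("cancel", res_id))
            return "queued"

    def flush(self):
        """Replay queued writes oldest first; a ConnectionError leaves the rest queued."""
        while self.pending:
            _, res_id = self.pending[0]
            self.service.cancel(res_id)
            self.pending.pop(0)


if __name__ == "__main__":
    svc = FlakyItineraryService()
    client = SmartClient(svc)
    print(client.itinerary())        # fresh copy from the service
    svc.online = False
    print(client.cancel("RES-4410")) # queued while out of coverage
    print(client.itinerary())        # served locally, cancelled stop already hidden
```

The view hides stops whose cancellation is still queued so the driver sees the itinerary as she left it, and the replay happens before the next refresh so a reconnect does not resurrect a cancelled reservation.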
It is possible for software vendors and service providers to offer multiple versions of their products, for example a vehicle-independent version for devices offered through regular retail channels and a vehicle-specific version offered through the vehicle manufacturer that offers additional functionality (Figure 6). An enhanced model would "light up" the experience on the device and in the car when a customer buys both products. The mobile device application could also provide value-adds, such as the display of the current location of the car, remote start, and automatic data sync from the device when it's brought into the car. Both the device application and the vehicle application can access the service provider's cloud-based services, which increases their utilization because of the larger target audience.
Figure 6. Different heads allow for better utilization of services and a more differentiated user experience
With the S+S architecture, client applications are not bound to the vehicle. Services can be offered through myriad commodity devices such as smartphones and mobile PCs, with user experiences tailored to those platforms. Because data stored in the cloud is available to any and all devices, we can make the transition between devices almost completely seamless. The important tenet to maintain is that interaction with the devices should be a natural experience for the user. The growing collection of more and more powerful devices presents many options to present a consistent level of interaction between client and computer. The user interface may change to suit the form factor, but the level of service will remain the same.
Security, Identity and the Client

Identity is a challenge in any system, as are authentication, authorization, and privacy. This is especially the case with mobile applications: the greater the distance between the core application and the device, the more difficult it becomes to deal with matters of security. A richer client allows us to maintain security tokens on the device, which can make for a more secure application, provided the device protects the tokens it stores.
Privacy is a major concern for anyone exchanging data with services in the cloud. In the past, the focus was on HTTPS and SSL for encrypting data in transmission. The limitation of SSL is that it is a point-to-point protocol: it protects a single connection, so in a composite application (which comprises multiple services almost by definition) each intermediary terminates the encrypted channel and sees the data in the clear. Such applications require an end-to-end approach to security. A better solution is to encrypt the data on the device itself and allow the resulting message to be transported over an encrypted or a clear connection. This is the approach taken by the authors of the WS-Security specification. The client device holds the public key of each destination service and encrypts the data for that service before it is released for transport; in practice a fresh symmetric key encrypts the payload and the recipient's public key wraps that symmetric key. Only the destination service, holding the matching private key, is able to decrypt the message. Data in the message intended for different recipients can be encrypted with different public keys, ensuring that each part can only be read by its intended recipient. Message-level encryption protects the payload but not the envelope: addressing information and message size remain visible, so transport encryption is still worthwhile alongside it. Client-side development platforms like the various versions of the .NET Framework implement WS-Security as part of WCF.
Digital signatures provide an added measure of trust. The client signs the message with the private key that corresponds to its X.509 certificate (the certificate carries the public key; the private key never leaves the client), which lets the recipient establish that the data was indeed sent by the party whose identity is claimed in the message and that it was not tampered with in transit. A digital signature is a one-way hash of the originating data, transformed with the signer's private key. The recipient recomputes the hash of the received data and checks it against the signature using the signer's public key. If the check fails, the signature is invalid: either the public key does not match the key that signed, invalidating the claimed identity, or the data has been altered in transit. The public key itself is only trustworthy if the certificate chains to an issuer the recipient trusts; otherwise an attacker could simply sign with a key of their own.
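The two preceding paragraphs, carried through in code as an added example that is not part of the original article: one message carries a payment part encrypted for the bank and an itinerary part encrypted for the trip planner, and the car signs the whole message (claimed identity included), so each recipient can check origin and integrity and then read only its own part, whatever transport or intermediaries the message crossed. To stay free of third-party libraries the cryptography is textbook RSA on fixed, publicly known Mersenne primes and an HMAC-SHA256 counter-mode keystream; these are demonstration stand-ins, and production code should use a vetted library (RSA-OAEP or ECDH for key wrapping, RSA-PSS or ECDSA for signatures, AES-GCM for the payload). The party names, the "from" identifier and the payload strings are assumptions of this example.

```python
"""WS-Security-style message-level protection: per-recipient encryption plus a sender signature.
Added example; toy RSA on fixed Mersenne primes (never use in production)."""
import hashlib
import hmac
import json
import os

E = 65537


def make_key(p, q):
    """Textbook RSA key from two primes; requires gcd(E, (p-1)(q-1)) == 1, which holds below."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public(key):
    return {"n": key["n"], "e": key["e"]}


# Fixed Mersenne primes: deterministic and trivially factorable, demonstration only.
CLIENT = make_key(2**127 - 1, 2**521 - 1)    # the car: sender and signer
BANK = make_key(2**89 - 1, 2**607 - 1)       # recipient of the payment part
PLANNER = make_key(2**61 - 1, 2**1279 - 1)   # recipient of the itinerary part


def canonical(obj):
    """Stable serialization so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, the content cipher of this demo."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_for(recipient_pub, plaintext):
    """Hybrid encryption: fresh 128-bit content key, wrapped with the recipient's public key."""
    content_key, nonce = os.urandom(16), os.urandom(12)
    stream = keystream(content_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    wrapped = pow(int.from_bytes(content_key, "big"), recipient_pub["e"], recipient_pub["n"])
    return {"wrapped_key": wrapped, "nonce": nonce.hex(), "data": ciphertext.hex()}


def decrypt_with(recipient_priv, part):
    """Unwrap with the private key; any other key yields an out-of-range value and is rejected."""
    unwrapped = pow(part["wrapped_key"], recipient_priv["d"], recipient_priv["n"])
    if unwrapped >= 1 << 128:
        raise ValueError("part is not addressed to this key")
    content_key = unwrapped.to_bytes(16, "big")
    ciphertext, nonce = bytes.fromhex(part["data"]), bytes.fromhex(part["nonce"])
    return bytes(a ^ b for a, b in zip(ciphertext, keystream(content_key, nonce, len(ciphertext))))


def sign(priv, body):
    """Signature: SHA-256 digest of the canonical body, transformed with the private exponent."""
    digest = int.from_bytes(hashlib.sha256(canonical(body)).digest(), "big")
    return pow(digest, priv["d"], priv["n"])


def verify(pub, body, signature):
    """Recompute the digest and compare it with the signature transformed by the public exponent."""
    digest = int.from_bytes(hashlib.sha256(canonical(body)).digest(), "big")
    return pow(signature, pub["e"], pub["n"]) == digest


def build_message(sender_priv):
    body = {
        "from": "woodson-car-0001",  # claimed identity (assumed id); covered by the signature
        "parts": {
            "payment": encrypt_for(public(BANK), b"payment-token=tok_demo_7721"),
            "itinerary": encrypt_for(public(PLANNER), b"cancel reservation RES-4410; new ETA 21:30"),
        },
    }
    return {"body": body, "signature": sign(sender_priv, body)}


def receive(recipient_priv, part_name, message, sender_pub):
    """A recipient checks origin and integrity first, then decrypts only its own part."""
    if not verify(sender_pub, message["body"], message["signature"]):
        raise ValueError("signature invalid: wrong sender key or message altered in transit")
    return decrypt_with(recipient_priv, message["body"]["parts"][part_name])


if __name__ == "__main__":
    msg = build_message(CLIENT)
    print(receive(BANK, "payment", msg, public(CLIENT)))
    print(receive(PLANNER, "itinerary", msg, public(CLIENT)))
```

The signature covers the encrypted parts and the "from" field together, so an intermediary that rewrote either the payload or the claimed identity would fail verification at every recipient; encryption alone would not provide that, since ciphertext can be replaced without the key.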
The S+S approach enables use of WS-Security, but it offers an even stronger option for privacy: not transmitting sensitive information at all. Moving operations that involve personally identifiable data onto the car or the device removes the need to send that data over the network in the first place. Take CardSpace authentication as an example. A CardSpace identity tied to the car presents a signed security token carrying only the claims the relying party needs, instead of personal details or a reusable username/password combination that could be captured and replayed.
In the interest of privacy, service providers are encouraged not to require any sensitive information. For all exceptions, the application provider should request the user's permission before transmitting information to the service. By default, each application should follow Microsoft's guidelines for secure computing and not transmit any sensitive information without explicit permission from the user.
Authentication and Authorization

Identity tokens can be used to authenticate and authorize users for the services they would like to access. An information card such as a CardSpace card allows the user to present a set of identity claims to a service. The burden of verifying those claims can rest with the service itself, or the service can rely on the token issuer (an identity provider) to have verified them and check only the issuer's signature on the token. Authorization, deciding what the authenticated user may do, remains the responsibility of the invoked service.
Authentication is very important in our mobile scenario for a number of reasons: we need to restrict access to the application to paying customers, and we need to ensure that each user's private data is protected from unauthorized access. In our scenario there is an additional concern: remote access to the car. There are privacy concerns around accessing the car's location and travel history, but there are also safety concerns. Starting or stopping the car, for example, is a feature that needs to be guarded very tightly. You would not want an attacker to shut off your car's engine while you are driving down the highway, so such commands need strong authentication of the caller and an authorization decision that considers the caller's role, not merely a valid login.
On the Internet, user identity is typically established by entering a username/password combination, but that is not the experience we expect when we get into a car. The key is the traditional means of getting access to the car and its services. We can employ a similar interaction model in the connected services scenario with smart keys or CardSpace-based solutions.
However, there are a few interesting architectural concerns around identity in the car. For one, the car itself is a multi-tenant application because it can have multiple drivers, potentially with different roles: the owner, the owner's teenage daughter, or a mechanic who services the car are a few examples. Many cars today offer preference settings for seat and steering wheel positions for different drivers based on the key they carry. This experience can be extended to the computing devices in the vehicle, making applications and data available based on the current driver's identity. Access to the entire system can be limited for guests in the car.
The concept of identity exists even for the vehicle itself (Figure 7). A digital identity could be assigned to individual cars, allowing access to manufacturer services that provide vehicle-specific functions. Drivers, on the other hand, need a portable identity. Most computer users today have at least one digital identity associated with them. Extending that identity for use in a vehicle is not trivial, but it is entirely possible.
Figure 7. Car and drivers need their own different digital identities to access services
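The authentication and authorization flow from this section, as an added example that is not part of the original article: a signed token carries claims (subject, role, the vehicle it was issued for, expiry) and stands in for the CardSpace or smart-key token the text describes; the vehicle service validates the token before trusting any claim, then applies a per-role policy in which a guest gets nothing and engine stop is additionally refused while the car is moving. The HMAC issuer key, the claim names, the role set and the "stop only while parked" interlock are assumptions of this example, and an HMAC token is used because it needs no library; a real deployment would verify the issuer's public-key signature on a SAML or similar token.

```python
"""Claims-based authentication and role authorization for vehicle services.
Added example; issuer key, roles and claim names are constructed for the demo."""
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-issuer-key"  # shared by the token issuer and the vehicle service

# Per-role permissions; a guest in the car gets none.
PERMISSIONS = {
    "owner": {"read_location", "read_history", "remote_start", "remote_stop", "manage_drivers"},
    "driver": {"read_location", "remote_start"},  # e.g. the owner's teenage daughter
    "mechanic": {"read_diagnostics"},
    "guest": set(),
}


def canonical(claims):
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_token(claims, key=ISSUER_KEY):
    """Token = hex(claims) '.' HMAC-SHA256(claims); only the issuer holds the key."""
    payload = canonical(claims)
    return payload.hex() + "." + hmac.new(key, payload, hashlib.sha256).hexdigest()


def validate_token(token, audience, now, key=ISSUER_KEY):
    """Verify the MAC first, then audience and expiry; return the claims only when all hold."""
    try:
        payload_hex, tag = token.split(".")
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("token signature invalid")
    claims = json.loads(payload)
    if claims.get("aud") != audience:
        raise PermissionError("token issued for a different vehicle")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims


def authorize(claims, action, vehicle_state):
    """Role check first, then the assumed safety interlock: engine stop only while parked."""
    role = claims.get("role", "guest")
    if action not in PERMISSIONS.get(role, set()):
        return False, "role %r is not allowed to %s" % (role, action)
    if action == "remote_stop" and vehicle_state.get("speed_kph", 0) > 0:
        return False, "refused: vehicle is moving"
    return True, "allowed"


def handle_command(token, action, vehicle_id, vehicle_state, now):
    """Entry point of the vehicle service: authenticate (token), then authorize (policy)."""
    claims = validate_token(token, audience=vehicle_id, now=now)
    return authorize(claims, action, vehicle_state)


if __name__ == "__main__":
    NOW = 1_200_000_000
    owner = issue_token({"sub": "mary", "role": "owner", "aud": "VIN-DEMO-001", "exp": NOW + 3600})
    print(handle_command(owner, "remote_stop", "VIN-DEMO-001", {"speed_kph": 0}, NOW))
    print(handle_command(owner, "remote_stop", "VIN-DEMO-001", {"speed_kph": 110}, NOW))
```

The audience check is what keeps a token issued for one car from being replayed against another, and checking the MAC before parsing anything else means a forged or altered token is rejected before any of its claims influence a decision.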
Multitenant Data Architecture

Another factor to consider is the problem of data storage and privacy. In order to make this type of computing experience useful, a good amount of personal information would need to be stored in the cloud. This creates a challenge for the data architect, who must make sure that the data is stored in an efficient manner while not compromising the security and privacy of a consumer using the service.
Arguably the best solution for a data store with a large number of tenants is the shared database, shared schema approach. In this case, the data of every tenant is stored in the same tables, with each row tied to its tenant through metadata such as a tenant identifier column. This pattern places the burden of guaranteeing privacy and security on every application that accesses the data: each query must be constrained to the current tenant, and a single query that omits that constraint exposes other tenants' data. This may dictate additional software development and testing cost, but the long-term savings in maintaining the data far outweigh it.
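Tenant isolation in a shared-schema store, as an added example that is not part of the original article: every row carries the tenant that owns it, a repository bound to one tenant adds that predicate to every statement it issues (including deletes by id, so a guessed or leaked id from another household affects nothing), and all values are bound parameters rather than string-built SQL. An unscoped lookup is included for contrast to show the leak the text warns about. The table and column names, the in-memory sqlite3 database and the sample rows are assumptions of this example.

```python
"""Shared database, shared schema: tenant isolation enforced in the data-access layer.
Added example on sqlite3; schema and sample data are constructed for the demo."""
import sqlite3

SCHEMA = """
CREATE TABLE itinerary (
    id          INTEGER PRIMARY KEY,
    tenant_id   TEXT NOT NULL,   -- the household or account that owns the row
    stop_name   TEXT NOT NULL,
    reserved_at TEXT NOT NULL
);
CREATE INDEX itinerary_tenant ON itinerary (tenant_id);
"""


class TenantRepo:
    """All reads and writes are scoped to the tenant fixed at construction time."""

    def __init__(self, conn, tenant_id):
        self.conn, self.tenant_id = conn, tenant_id

    def add_stop(self, stop_name, reserved_at):
        cur = self.conn.execute(
            "INSERT INTO itinerary (tenant_id, stop_name, reserved_at) VALUES (?, ?, ?)",
            (self.tenant_id, stop_name, reserved_at))
        return cur.lastrowid

    def list_stops(self):
        rows = self.conn.execute(
            "SELECT stop_name FROM itinerary WHERE tenant_id = ? ORDER BY id", (self.tenant_id,))
        return [r[0] for r in rows]

    def cancel_stop(self, stop_id):
        """Delete by id AND tenant: another tenant's id matches no row and returns 0."""
        cur = self.conn.execute(
            "DELETE FROM itinerary WHERE id = ? AND tenant_id = ?", (stop_id, self.tenant_id))
        return cur.rowcount


def unscoped_lookup(conn, stop_id):
    """The defect to avoid: no tenant predicate, so any caller reads any tenant's row."""
    return conn.execute(
        "SELECT tenant_id, stop_name FROM itinerary WHERE id = ?", (stop_id,)).fetchone()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    woodsons = TenantRepo(conn, "tenant-woodson")  # constructed tenant ids
    thomases = TenantRepo(conn, "tenant-thomas")
    w_id = woodsons.add_stop("Lakeside Inn", "2008-07-14T18:00")
    t_id = thomases.add_stop("Harbor Grill", "2008-07-15T19:30")
    return {
        "woodson_sees": woodsons.list_stops(),
        "thomas_sees": thomases.list_stops(),
        "cross_tenant_cancel": woodsons.cancel_stop(t_id),  # 0: the Thomas row is untouched
        "own_cancel": woodsons.cancel_stop(w_id),           # 1: own row removed
        "unscoped_leak": unscoped_lookup(conn, t_id),       # the Thomas row, visible to anyone
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Binding the tenant in the repository constructor rather than passing it on every call means a new query cannot forget the predicate without also bypassing the repository, which is the kind of structural guarantee the shared-schema pattern depends on.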
Conclusion

Connected consumer experiences such as the one outlined in this article present a great opportunity to add value to existing products. The current and upcoming generations of consumers are technology savvy and will rely on digital helpers everywhere, not just on their desktop at work. The ubiquity of computing devices and the wide availability of network connectivity present an opportunity for manufacturers and new service providers to connect with their customers in new and meaningful ways (Figure 8).
The car in particular is an important part of many people's lives. You bring kids to school, visit customers, or take road trip vacations. You may spend hours each week driving around, and you find yourself in situations where some extra help can make a big difference to you.
Figure 8. The Internet services platform enables connected consumer experiences in the car, on devices and on the PC
The Microsoft platform is very well suited for building S+S solutions on the client and on the server. Technologies like WCF and the .NET Framework are well suited to building cloud-based services because support for message exchange protocols such as JSON, POX/REST, SOAP, and WS-* provides interoperability with all kinds of service consumers. Often, services are not built from scratch but by aggregating existing services. Technologies like BizTalk Server or the cloud-based BizTalk Services are well suited to aggregate building-block services into value-added services. The platform also offers Windows Live building-block services, such as contacts, alerts or photos, which can be included in value-added services.
Software + Services provides an excellent pattern for delivering services across a number of platforms. Flexible service delivery mechanisms allow us to quickly add new features with little interruption to existing systems. Advances in presentation technologies and device form factors enable us to present software to users in the most context-appropriate manner.
We're already seeing the combination of Software + Services emerging in many areas. Early adopters are proving the value of these solutions and setting the bar for others to meet. The tools and the platforms are there. It's only up to the application providers to build solutions that reach users in the best possible ways.
About the Authors

Darryl Hogan is an architect in Microsoft's Developer and Platform Evangelism Group. Darryl has extensive experience architecting and implementing numerous enterprise applications during nearly 15 years in the IT industry. In his current role, Darryl provides guidance and education to architects implementing enterprise solutions and enterprise architectures on Microsoft technologies.
Christoph Schittko is an architect for Microsoft based in Texas, where he works with customers to build powerful solutions that combine software + services for cutting-edge user experiences and leverage service-oriented architecture (SOA). Prior to joining Microsoft, Christoph assisted companies adopting service orientation and delivering Software-as-a-Service (SaaS) solutions. Christoph has over 14 years of experience developing and architecting software solutions in a wide variety of industries. He writes and speaks on Web services and XML at various conferences. Christoph holds an advanced degree in Electrical Engineering from the Friedrich-Alexander University Erlangen-Nürnberg.
Jon Box is an architect evangelist at Microsoft. He works with customers to utilize Microsoft technologies to build impactful solutions. Jon has been programming professionally since 1985. He has worked in a variety of environments and languages that include COBOL, Assembler, Clipper, C, C++ (Borland, ATL, MFC, Win32, COM/DCOM), VB5/VB6, and .NET. For more thoughts from Jon, see his blog at http://blogs.msdn.com/jonbox.
This article was published in the Architecture Journal, a print and online publication produced by Microsoft. For more articles from this publication, please visit the Architecture Journal Web site.