Introduction

Background

A Service-Oriented Architecture enables a sustainable interoperability model between systems within the enterprise as well as for external systems requiring services to interact with CMS enterprise systems. To maximize the interoperability benefits with the appropriate security controls, CMS has established a set of enterprise standards and options for implementing SOA within the CMS enterprise.

CMS has determined that Web Services (WS) is the preferred implementation technology for SOA. For purposes of this architecture, Web Services includes both SOAP and REST implementations. Both are based on open Internet technologies and have diverse technical implementations in the marketplace.

CMS envisions SOA and Web Services as key enabling technologies for providing E-Government services over the Internet as well as within the enterprise.

The Web Services characterizations within this chapter align with CMS’s strategic priorities to develop an enterprise SOA for the CMS Processing Environments:

Promoting Consumer Centric Design
Promoting Standardization Across CMS
Promoting Developer User Interface / Experience

Purpose

The intent of this Web Services chapter is to delineate the Web Services architectural standards and relevant constraints for implementing those standards within the CMS TRA-defined environment, and for Web Services transactions between the CMS enterprise and external CMS partners. This chapter also addresses the integration of Web Service components within the CMS TRA-defined environment.

Scope

The concepts, strategies, and guidelines discussed in this chapter align with concepts, semantics, latest industry standards, and recommended practices defined by the World Wide Web Consortium (W3C), including but not limited to, Web Services architecture (available at: http://www.w3.org/TR/ws-arch/), Web Services policy (available at: http://www.w3.org/TR/ws-policy), XML (available at: http://www.w3.org/TR/xml11/), and other standards bodies as specified here.

SOAP, in general, uses the constellation of W3 WS-* and Organization for the Advancement of Structured Information Standards (OASIS) WS-I standards. SOAP supports information exchange via XML-formatted messages and metadata.

In contrast, REST uses “resources” as the central organizing concept. It is common for REST APIs to provide responses in several forms, such as XML and JSON, as well as other formats like GIF or MPEG as representations of those resources. REST relies heavily on the infrastructure of the World Wide Web, including Universal Resource Identifier (URI), HyperText Transport Protocol/Secure (HTTP/S), Really Simple Syndication (RSS), Atom, and other standards. It is possible to specify REST services using Web Services Description Language (WSDL) 2.0.

This chapter provides guidance for designing scalable, secure, and interoperable Web Services implementations by information systems but not the specifics of such system designs or supporting infrastructure. It supplies a framework or road map for defining Web Services-based interfaces between systems in the current and future enterprise. Although this chapter is not a substitute for any set of specialized business requirements, it offers a starting point for systems architects and developers to build interoperable solutions that address specific, granular requirements.

Changes to and Deviations from TRA Guidance

The TRB approves any changes to the CMS TRAsections and topics, following the process documented in CMS TRA Foundation section, Architecture Change Request Process.

All project requests for grant of special considerations or deviation from CMS TRA guidance must be provided in writing to the TRB. The TRB will respond to all requests in writing.

Requests to the TRB must include the following information:

Description of the requested deviation
Reason for deviation(s)
Full text of the TRA business rule or guidance in the TRA chapter for which there is a request for deviation
Description of other alternatives to the deviation(s) that have been considered
Enumeration of risks to CMS as well as other affected systems and stakeholders
A plan of action with dated milestones for remediating the deviation(s) and complying with the TRA.

Related TRA Chapters and Guidance

The following CMS TRA chapters may provide additional helpful information.

The CMS TRA Infrastructure Services section File Transfer topic may help when considering how to integrate batch-processing paradigms into the CMS SOA
The CMS TRA Application Development chapter – provides guidance for developing Web Services and data access services and their arrangement in the CMS TRA Multi-Zone Architecture.
The Network Services section Security topic – provides instruction on how to configure security applications to permit SOA network communication as well as permissible communication patterns between and among TRA zones and services.

A mailing list entitled, “CIO Resource Library Communications”, is available to notify subscribers when new or revised IT-related directives, policies, technical standards, TRA guidance / chapters, or guidelines are available. To subscribe to the new list, please select the following URL and enter your email address: https://public.govdelivery.com/accounts/USCMS/subscriber/new?topic_id=USCMS_12066

TRA 2024 Revision 2.1 • General Distribution / Unclassified Information