Efficient Intelligent Secure for Web Service Composition



Similar documents
A QoS-Aware Web Service Selection Based on Clustering

Introduction to Service Oriented Architectures (SOA)

Service Oriented Architecture

SmartLink: a Web-based editor and search environment for Linked Services

Literature Review Service Frameworks and Architectural Design Patterns in Web Development

Service-oriented architectures (SOAs) support

Run-time Service Oriented Architecture (SOA) V 0.1

Distributed and Scalable QoS Optimization for Dynamic Web Service Composition

Combining SAWSDL, OWL DL and UDDI for Semantically Enhanced Web Service Discovery

Specifying Conflict of Interest in Web Services Endpoint Language (WSEL)

DC Proposal: Automation of Service Lifecycle on the Cloud by Using Semantic Technologies

Dynamic Composition of Web Service Based on Cloud Computing

Service-Oriented Computing and Service-Oriented Architecture

SLA Business Management Based on Key Performance Indicators

A Semantic Approach for Access Control in Web Services

On the Standardization of Semantic Web Services-based Network Monitoring Operations

A Scalable Approach for QoS-based Web Service Selection

Interacting the Edutella/JXTA Peer-to-Peer Network with Web Services

CONTEMPORARY SEMANTIC WEB SERVICE FRAMEWORKS: AN OVERVIEW AND COMPARISONS

A standards-based approach to application integration

Supporting Change-Aware Semantic Web Services

A Service Oriented Security Reference Architecture

Incorporating Semantic Discovery into a Ubiquitous Computing Infrastructure

Research on the Model of Enterprise Application Integration with Web Services

Composite Process Oriented Service Discovery in Preserving Business and Timed Relation

Towards Management of SLA-Aware Business Processes Based on Key Performance Indicators

Six Strategies for Building High Performance SOA Applications

Optimised Realistic Test Input Generation

IMPROVING BUSINESS PROCESS MODELING USING RECOMMENDATION METHOD

Introduction to Service-Oriented Architecture for Business Analysts

Analyses on functional capabilities of BizTalk Server, Oracle BPEL Process Manger and WebSphere Process Server for applications in Grid middleware

Data Mining Governance for Service Oriented Architecture

Service-Oriented Architectures

E-Learning as a Web Service

Automating Service Negotiation Process for Service Architecture on the cloud by using Semantic Methodology

SOA CERTIFIED CONSULTANT

Automating the DEVS Modeling and Simulation Interface to Web Services

Emerging Technologies Shaping the Future of Data Warehouses & Business Intelligence

Demonstrating WSMX: Least Cost Supply Management

NIST s Guide to Secure Web Services

Service-Oriented Architecture: Analysis, the Keys to Success!

A Framework for Personalized Healthcare Service Recommendation

SOA REFERENCE ARCHITECTURE

Multi-Paradigm Process Management

Lightweight Data Integration using the WebComposition Data Grid Service

Toward Next Generation Distributed Business Information Systems: Five Inherent Capabilities of Service-Oriented Computing

An Open Agent Environment for Context-Aware mcommerce

Service selection algorithms for Web services with end-to-end QoS constraints

Introduction to UDDI: Important Features and Functional Concepts

Service Virtualization: Managing Change in a Service-Oriented Architecture

A Service Modeling Approach with Business-Level Reusability and Extensibility

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems

QAME Support for Policy-Based Management of Country-wide Networks

A Flexible and Dynamic Failure Recovery Mechanism for Composite Web Services Using Subset Replacement

Business Rule Standards -- Interoperability and Portability

Ontology-based Web Service Composition: Part 1. Rolland Brunec Betreuerin: Sabine Maßmann Universität Leipzig, Abteilung Datenbanken

Business Process Standards and Modeling

Secure Semantic Web Service Using SAML

Optimization and Ranking in Web Service Composition using Performance Index

David Pilling Director of Applications and Development

ACE GIS Project Overview: Adaptable and Composable E-commerce and Geographic Information Services

SOA CERTIFIED JAVA DEVELOPER (7 Days)

An Architecture for Autonomic Web Service Process Planning

Deploying and managing Web services: issues, solutions, and directions

EAI OVERVIEW OF ENTERPRISE APPLICATION INTEGRATION CONCEPTS AND ARCHITECTURES. Enterprise Application Integration. Peter R. Egli INDIGOO.

Transcription:

Somayeh Karimi, Seyed Morteza Babamir Islamic Azad University, Meymeh Branch, Department of Computer, Meymeh, Iran University of Kashan, Department of Computer Engineering, Kashan, Iran S_karimi@iaumeymeh.ac.ir, babamir@kashanu.ac.ir Abstract -Oriented Architecture (SOA) provides a flexible framework for web service composition. Using standard based protocols (such as SOAP and WSDL), composite services can be constructed by integrating atomic services developed independently. For each service in the composition, many service providers can offer the same function but may have different non-functional attributes (i.e. security, QoS parameters). These attributes have to be considered to make a decision selection more carefully and have suitable composition of web services composition. In this paper, we propose a broker-based framework for integration and adaptation of non-functional aware web services. We present the web service selection mechanism which selects the best (most suitable) web service based on the both requester and provider s security issues and quality attributes. Key words Web service composition, Business proce ss, Non-functional constraints, Security, QoS (Quality of ), Broker. N Efficient Intelligent Secure for Web Composition I. INTRODUCTION owadays the web is the main means by which companies and organizations are carrying on their business. This central role of the web has forced many companies to reorganize their businesses by using Web-based heterogeneous technologies in order to remain competitive in a business world. In such a scenario, the web service paradigm has emerged as the most promising approach for web-based application development [1]. A web service is a software system designed to support interoperable applicationto-application interaction over Internet. Some benefits of adopting web services are that they are platform and vendor independent, since they are based on a set of standards, they provide a means for the convergence of disparate business functionalities, they make easier to deploy business applications for trading partners, thus resulting in a significant reduction in total cost of development. Web services rely on a set of XML standards such as Universal Description, Discovery and Integration (UDDI) [2], web s Description Language (WSDL) [3], and Simple Obect Access Protocol (SOAP) [4]. One of the maor goals of web services is to make easier their composition to form more complex services. To this purpose, many emerging languages (e.g., BPEL4WS [5], WSBPEL [6] and BPML [7]) have been proposed for coordinating web services into a workflow. Discovering of web services for take parting to the composition are based on their functional properties. The increasing number of web service providers on the web supporting numerous web services having same or similar functionality caused using their non-functional properties to distinguish them and several tools and techniques was created to search suitable web services. In this paper, we focus on security and QoS issues of web services compositions which may be specified by requesters or provider's web services that must be taken into account when composing web services. For instance, a web service provider may not want to accept requests issued by a specific IP address, or a web service requester wants to be use only web services with minimum response time in the composition. In this paper, we propose a brokered architecture to compose web services according to the specified security constraints and represent a mechanism to select the best web services with regards to QoS (i.e. response time, service cost, availability and reliability) properties. The main motivation of the proposed framework is to delegate brokers to make intelligent web service compositions. The main functions of a broker include: tracking: A broker has a service repository to record all feasible web services it is aware of. selection: This is the key function of our service broker. A broker match web services according to security constraints and select the best web services to execute a business process. After each business plan transaction, a user should report the record QoS performance (from the services) to the broker so that the broker can update the statistical QoS data of each service. The rest of paper is organized as follows. Next section discusses related work. Section 3 discusses security and QoS issues related to web service composition. Section 4 describes broker based architecture for web service composition and presents the security matchmaking and QoS Adapting. Section 5 presents the implementation details. Section 6 draws conclusions. II. RELATED WORKS Recently, business process or workflow proposals relevant to web services are proliferating in the business and academic world. Most of the proposals are XML-based languages to specify web services interactions and compositions. All of the proposed XML languages are based on WSDL service descriptions with extension elements, such as BPEL4WS (Business Process Execution Language for Web s) and Page 17 /183

BPML (Business Process Modeling Language).BPML is XML-based meta-language developed by the Business Process Management Initiative (BPMI) as a means of modeling business processes. Advanced semantics such as nested processes and complex compensated transactions that are supported by BPML, are not addressed by BPEL4WS. BPEL4WS by combining Microsoft s XLANG [8] with IBM s WSFL (Web Flow Language) [9], provides a language for the formal specification of business processes and business interaction protocols. It can model the behavior of both executable and abstract processes. A detailed comparison between BPML and BPEL4WS is given in [10]. To describe the behavior of a business process based on interactions between the process and interfaces of its web service, BPEL4WS defines a model and a grammar. In short, a definition of BPEL4WS business process can be made up of as a template to create business process instances. Each of these activities in a routine model must be executed by an appropriate web service. In this scenario, the role of selection manager is to assign an appropriate web service to each activity. This assignment process is called matchmaking. Besides exploiting the UDDI registers, the matchmaking process can be performed also by means of semantic web service descriptions. In this context, DAML-S [11] provides capability to semantically annotate web services based on an ontology that provides classes and properties to describe content and capabilities of the web services. The closest to our work is [12], in which authors present a security broker for the composition of web services. However, their work is more focused on security parameters, which are specified by the requester and provider of web services and must be taken into account when composing web services. A difference between the approach reported in [12] and the one proposed in this paper is that we consider both security and QoS constraints of web services composition but [12] identifies only security issues. We propose a broker-based framework to compose Web services based on the security requirements related to both Web service requestors and providers, and optimize the composition by considered QoS parameters. The main functionality of this broker is to match web services according to security constraints and select the best web services to execute a business process. Some related work on QoS, such as the METEOR proect has been done in the workflow area [13]. Four QoS attributes are: time, cost, reliability and fidelity. Instead of constructing a QoS workflow, this proect focuses on analyzing and verifying a workflow QoS. Other related works are those that exploit AI by planning techniques for web service composition. Among them, we recall the McIlraith [14] that extends the logic programming language Golog for automatic composition of web services, while the one by Medahed [15] proposes a technique to generate composite web services from high level declarative description. This method uses compound rules to determine whether two services are compoundable. III. NON-FUNCTIONAL MODEL FOR WEB SERVICE COMPOSITION Such as the user's request, several non-functional properties may deeply affect on web services compositions that are satisfied by them. In this paper, we consider two classes of the non-functional parameters: A. Security constraints It is important to note that in order to verify whether a security constraint is satisfied by a web service or a web service composition, we need, in addition to a constraint language, also a language for specifying the security characteristics of a web service. For instance, a security constraint of a web service provider could require the adoption of a specific authentication mechanism. To verify this constraint, the broker needs to know which authentication mechanisms a web service supports. We call these two classes of information security capabilities and security compatibility, respectively. Security capabilities describe the security features of a web service, that is, strategies and techniques adopted by the service for ensuring security requirements. Clearly, it is essential that there exists one or more trusted entities in charge of validating and issuing security capabilities. Security Compatibility refers to those conditions that a web service could impose to another web service in order to cooperate with it. For instance, a web service may not want to accept requests from those web services that do not encrypt input parameters. We store these constraints in WSDL document. For more details refer [12]. B. QoS attributes In this section, we consider quantitative non-functional properties of web services, which can be used to describe the quality criteria of a web service [16, 17]. These can include generic QoS attributes like response time, availability, service cost, reliability, whilst these attributes can be quantified and represented by real numbers. To represent the QoS attributes of service s, We use the vector Qs = {q 1 (s),.., q r (s)} in which the function q i (s) determines the value of the i-th quality attribute of s. The values of these QoS attributes can be directly collected either from service providers (e.g. price), recorded previous execution monitoring (e.g. response time) or user feedbacks (e.g. reputation) [18]. The set of QoS attributes can be divided into two subsets: positive and negative QoS attributes. For the values of positive attributes it is required to be maximized (e.g. Reliability and availability), whereas for the values of negative attributes it is required to be minimized (e.g. price and response time). The following four quality metrics of a web service are considered: 1) Response Time (Ts): the time interval between when a service is invoked and when the service is finished. 2) Cost (Cs): the price that a service requester has to pay for invoking the service. 3) Availability (A): the probability that the service is available at some period of time. 4) Reliability (R): the probability that a request is correctly responded within the expected time [19]. Page 18 /183

IV. BROKER ARCHITECTURE We propose broker based architecture for web services with an obective of matchmaking security constrains and selecting the best web service according the QoS properties and preferences. Fig. 1 depicts the different component of the broker based web service architecture. t 1 t 2 t 3 w 1 w 6 w 4 w 2 w 7 User request Composition manager w 3 w 5 w 8 Requester Result Selection manager UDDI registry Class 1 Class 2 Class 3 Figure2. Workflow and business plan Provider A. Table Report QoS info Figure1. Broker architecture Each web service in the Table (SR) includes several fields are represented in Table 1 (both functional and non-functional characteristics). B. QoS manager This component performs registration, updating, deleting QoS information related to web services. In addition, it obtains the performance for specific QoS property values of web service from the provider. Finally before registering the obtained QoS property values into RS registry, Broker verifies and certifies them[19] These numbers will be refined by QoS- Manager in RS according to the actual values received from user feedbacks to reflect more accurate values. C. Composition manager QoS-manager To generate a process plan, composition Manager (CM) takes a user's service request as input. Process plan is an abstract process that consists of service classes and the connection relationships between them (only the sequential connection is discussed in this paper). A process plan defines a flow of service classes without identifying the actual service to be invoked. Fig 2 shows a workflow with three tasks and a process plan to relate it with three service classes. To generate process plan, CM is responsible. Users create the workflow by selecting which tasks must be done and by specifying connection relationships between them. Then discover functional similar web services from the UUDI through functionality matching [20, 21]. SR D. Selection manager We should know for each task, we have a list of web services able to perform it, without considering any security compatibility and QoS attributes during this selection. This is done by the selection manager. Indeed, given the process plan and web services candidates for each task by composition manager, the security matchmaker selects web services satisfying the specified security constraints and considering QoS attributes. The function of selection manager includes: a) Verify the compatibility of web services with regard to security constraints. Two web services w 1 and w 2 are compatible with regard to security if w 2 satisfy w 1 's compatibilities constraints. Thus, when selecting a web service to be associated with a task, the Security Matchmaker has to choose web services that are compatible with regard to security with the web s already assigned to activities in the business process. To represent the web services and relationship between them, we use a graph direction that shows all possible security-aware web service compositions. In general, a level of the composition graph is related to the -th task in the process plan, where each node at level represents a web service able to perform activity and compatible with regard to security with all its predecessor nodes. Therefore, each path in the graph denotes a security-aware composition (Fig 3). s 1 s 2 s 3 w 1 w 2 w 3 w 4 w 5 w 6 w 7 w 8 Figure3. An example of composition graph Page 19 /183

TABLE I. SERVICE TABLE Web service class Task Ws capability Compatibility constraint Response time Cost service Availability Reliability s1 s2 s3 s4 S1 S1 S2 S2 T1 T1 T2 T2 authentication=saml Privacy Access control=p3p authentication= X.509 authentication=saml authentication= X.509 Signature=XML-SIG Signature=XML -SIG Privacy Access control=p3p 100 160 120 150 50 80 100 60 0.89 0.99 0.95 0.91 0.95 0.91 0.98 0.88 b) Select, for each task, a web service with the best quality. In this step, for each task,select the best web service considering QoS parameters among web services which choosed in preview step by matchmaker for every level of graph. Difination1: utility function In order to evaluate the multi-dimensional quality of a given web service a utility function is used. The function sorts and ranks service candidates by QoS values[19]. The utility computation involves scaling the QoS attributes va lues to allow a uniform measurement of the multi-dimensional service qualities independent of their units and ranges. The scaling process is then followed by a weighting process for representing user priorities and preferences. In the scaling process each QoS attribute value is transformed into a value between 0 and 1, by comparing it with the minimum and maximum possible value according to the available QoS information of service candidates. For instance, maximum QoS attribute value of each web service is defined by maximum value in the service class that the web service belong it. Q Q min max (, k) = min (, k) = max s i S s i S q ( s k k i q ( s Where Q min (, k) is the minimum value (e.g. minimum price) and Q max (, k) is the maximum value (e.g. maximum price) that can be expected for service class S according to the available information about service candidates of this class. Then for each candidate web service in service class S execute function (1). m qk( S) F(S ) = * Wk + k= 1 Q min( k) (1) r qk( S) 1 + Wk Q min( k) k= m+ 2 i ) ) + With W k R and Σ r k=1 w k =1 r= 1..4 being the weight of q k to represent user s priorities. Positive attribute s transform into negative attributes by mines from 1. Thus, the web service with minimum utility value in every service class is selected to be executed. V. IMPLEMENTATION AND EXPERIMENTS The broker is implemented on Windows XP platform using Microsoft Visual Studio.NET development environment and Microsoft visual C# as a programming language. To store QoS values of web services, we use Microsoft SQL Server 2000 database. The four QoS and four security properties for eight web services are considered for the experimentation. The broker receives a set of tasks as a business process contains several tasks and their relationship among them in its database. It has in information about web services that able performed the tasks, their QoS and security constraints and their priorities. After the execution of matchmaking and selection mechanism, the broker returns the best web services to the requestor. VI. CONCLUSION In this paper, we have considered the non-functional parameters (i.e. security and QoS attributes) during composing web services. We have proposed an approach to compose web services according to the security requirements of both web service requestors and providers and filtered it by QoS attributes. This paper presents a broker-based framework for dynamic web services composition with security and QoS parameters. The components in a broker implement service composition, adaptation and selection regard to security and QoS issues. We propose an approach to select the best web service among web services candidate to perform task that has suitable QoS values but the broker does not have any solution when a web service failed during composition. For future work we can propose an algorithm to finds another web service as replacement of the web service is chosen for every task in workflow when Occurrence a failure. Page 20 /183

REFERENCES [1] B. Carminati, E. Ferrari, P.C. K. Hung, Web Servic e Composition: A Security Perspective, International Workshop on C hallenges in Web Information Retrieval and Integration, Tokyo, Japan April 08-April 09. [2] Universal Description, Discovery and Integration (UDDI). UDDI v. 3.0, UDDI Spec Technical Committee Specification, 19 July 2002. [3] World Wide Web Consortium (W3C). Web s Description Language (WSDL), Version 1.2, W3C Working Draft, 9 July 2002. [4] World Wide Web Consortium (W3C). SOAP Version 1.2 Part 1: Messaging Framework, W3C Proposed Recommendation 07 May 2003. [5] IBM Corporation, Business Process Execution Language for Web s (BPEL4WS), Version 1.0, 2002. [6] OASIS. Web s Business Process Execution Language (WSBPEL). [7] A. Arkin. Business Process Modeling Language (BPML), Version 1.0. BPMI.org, 2002. [8] S. Thatte, XLANG: Web services for business proces s design,2001. [9] F. Leymann Web service flow language (WSFL), 2001. [10] J. Mendling, M. Müller, A Comparison of BPML and B PEL4WS. In Proceedings of the 1st Conference "Berliner XML-Tage". Berlin 2003, pp. 305-316. [11] A. Ankolekar, M. Burstein, J. R. Hobbs, O. Lassila, D. L. Martin, S. A. McIlraith, S. Narayanan, M. Paolucci, T. Payne, K. Sycara and H. Zeng. DAML-S: Semantic Markup For Web s, Intern Semantic Web Working Symposium (SWWS), Standford University, CA, USA, 2001. ational [12] Barbara Carminati, Elena Ferrari, Patrick C. K. Hung. Security Conscious Web Composition. IEEE International Conference on Web s (ICWS'06) 2006. [13] J. Cardoso. Quality of service and semantic compos ition of workflows. Ph.D Thesis, University of Georgia, 200 2. [14] S. McIlraith, T. C. Son. Adapting Golog for Compos ition of Semantic Web s, 8th International Conference on Kno wledge Representation and Reasoning (KR2002), 2002. [15] B. Medahed, A. Bouguettaya, and A. K. Elmagarmid. Composing Web s on the Semantic Web, The VLDB Journal, 1 2(4), November 2003. [16] L. Zeng, B. Benatallah, M. Dumas, J. Kalagnanam, and Q. Z. Sheng, Quality driven web services composition, In Proc eedings of the International World Wide Web Conference, pages 411 421, 2003. [17] Y. Liu, A. H. H. Ngu, and L. Zeng, QoS computation and policing in dynamic web service selection. In Proceedings of the International World Wide Web Conference, pages 66 73, 2004. [18] G. L. Nemhauser and L. A. Wolsey, Integer and Comb inatorial Optimization, Wiley-Interscience, New York, NY, US A, 1988. [19] Tao Yu, Kwei-Jay Lin, A Broker-Based Framework fo r QoS-Aware Web Composition, Proc. of the Intl. Conf. on e-technology, e- Commerce and e-, 2005. [20] H. Kreger, Web s Conceptual Architecture (W SCA 1.0), Published in May 2001. [21] Y. Wang and E. Stroulia, Flexible Interface Matchi ng for Web- Discovery, Proceedings of the Fourth Internationa l Conference on Web Information Systems Engineering (WISE 03), IEEE 2003. Page 21 /183

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information