The Service-Oriented Architectural style (SOA) is gaining momentum. Gartner predicts that SOA will become a prevailing software engineering practice in coming years1. SOA attracts industry attention by providing for a flexible and cost effective way to re-use functionality captured in loosely coupled, business-aligned services. WSDL [ 1 ] web services is the most well-known, however, not the only possible, implementation of SOA.

The Semantic Web [ 2 ] is a vision of the next generation of the Web that makes resources published on the Web “understandable” by machines, thus improving usability of these resources. One of the main means in achieving the vision is ontologies, the responsibility of which is to be a carrier of semantics shared among agents.

The significant potential of the combination of web services and the Semantic Web has been recognized by the Semantic Web Services research area, with OWL-S [ 3 ] and WSMF [ 4 ] approaches being the two most well-known representatives. Both OWL-S and WSMF are aimed at providing an extensive ontology-based description framework for WSDL web services. In our work we analyze the combination of ontologies and web services from the viewpoint of software architectures [ 5 ] and one of our goals is to define an Ontology-enabled Service-Oriented Architectural style (Onto-SOA) to provide for a general, technology- and ontology (language) independent framework for integration of ontologies and service-oriented architectures. 1 http://www.gartner.com/resources/114300/114358/114358.pdf

On the more practical side, our work is motivated by the problem of applying ontologies in design of applications for the e-Science domain. In the e-Science domain a large variety of knowledge intensive computational resources exists: experiment design and execution environments, model simulation and statistical analysis services. Ontologies have a great potential to improve (re-)usability of these resources. In order to realize this potential, end-user applications have to be developed. However, at present, an application developer faces both complexity of the state-of-the-art approaches and very limited guidance available on how these approaches can be applied to development of ontology-enabled software. We address this problem by further operationalizing the proposed Onto-SOA style into a pragmatic framework ready to be applied in ontologyenabled applications.

The rest of the paper is devoted to a brief introduction to SOA (Sec. 2) followed by the analysis of relations between SOA, web services (Sec. 3) and Semantic Web Services (Sec. 3). During this analysis we outline a gap between SOA and current approaches to ontology-enabled web services. We address the gap by defining Onto-SOA (Sec. 4). Finally, we conclude with a summary and directions for future work. 2

An architectural style is “a coordinated set of constraints on architectural elements and relationships among those elements within any architecture that conforms to that style” [ 6 ]. The general architectural elements are processing components, connectors and data. Processing components can transform data elements. Connectors provide for an abstract mechanism that mediates communication, coordination or cooperation between components [ 7 ]. From the processing component perspective, connectors transfer data without modifying it. However, internally a connector can contain a complex subsystem that can subject the data to a number of intermediate transformations.

SOA is a style that is constrained to induce a number of desirable characteristics on a compliant architecture. In the literature, SOA is often characterized as a style that supports loosely coupled, business-aligned, networked services to enable flexibility and interoperability, in a technology-independent manner.

Services in SOA represent coarsely-grained expertise from an application (business) domain. A service makes this problem-solving expertise available to a consumer. SOA achieves loose coupling between its processing components (a service consumer and a service) by requiring that connectors are simple, generic and application independent, and that descriptive messages constrained by an extensible schema are delivered through these connectors. A connector is application independent and generic if it does not introduce real dependency and minimizes artificial dependency between a service and consumer.

Since the connectors are generic, all application-specific semantics must be expressed in descriptive messages that communicate a problem description from a service consumer to a service provider. The messages specify what is to be solved but not how it should be solved. The reason for this is that a service provider possesses problemsolving expertise that is missing in the service consumer.

In order to enable “understanding” between communicating components, messages must have unified syntax and structure and must be expressed in a vocabulary shared by communicating components. The vocabulary is defined in a schema, extensibility of which is very important due to an open range of possible application domains.

In SOA, loose coupling is achieved by enforcing application independent connector elements. All application-specific semantics is to be contained in data elements (messages). A service can be uniquely characterized by a set of messages it can properly interpret. These messages are constrained by a certain schema that can be seen as an abstract definition of a service. From a service consumer point of view, a service is known via this abstract definition only. Since a service represents problem-solving expertise in an application domain, the schema effectively plays a role of a specification of this expertise. Such view on a schema in SOA allows us to make a natural transition from a schema to an ontology and treat an ontology as an integral component of SOA. 3

In the literature the term web services most often refers to WSDL/SOAP-based services. However, in our work we employ it in more general sense to refer to a derivation of SOA that employs standard Web transport protocols (HTTP, for example) and XML language to express messages. The main reason for this is that WSDL/SOAP is not the only possible way to apply SOA on the Web.

WSDL/SOAP Web Services presently are the most popular application of SOA on the Web. WSDL provides a description framework for web services and is aimed at service invocation primarily. SOAP [ 1 ] provides for a standard way to structure messages that can be carried over a variety of transport protocols with HTTP being most frequently used one.

In the very beginning SOAP supported the RPC (Remote Procedure Call) communication style only2 and later on the document-based flavor of SOAP was introduced. The document-based SOAP messages are capable of carrying any XML-based content and are not restricted to the RPC communication style only.

From the SOA perspective, RPC introduces an additional artificial dependency between a consumer and a service and, therefore, hinders loose coupling between these components. Furthermore, the RPC style messages tend to be prescriptive rather than descriptive: with the RPC-message a consumer prescribes a service how to solve a problem rather than describing what is to be solved. In RPC web services, message semantics often becomes workflow-dependent and that hinders integration of services. With SOAP 1.2 the RPC style has become optional, thus, enabling us to avoid it in WSDL/SOAP web services. However, RPC still attracts most of the attention in the research community.

Document-based WSDL/SOAP web services are fully compatible with SOA. Normally they rely on the XML Schema language to describe a structure of an XML document. However, XML schemas do not allow us to capture semantics of message ele2 http://www.xml.com/pub/a/ws/2001/04/04/soap.html ments. WSDL extension elements allow us to use different schema languages capable of capturing semantics, however, there is little guidance available on that.

WSDL/SOAP web services introduce a significant amount of conceptual and architectural elements [ 8 ]. A significant part of it is devoted to the RPC communication style that is to be avoided in SOA. Moreover, in many cases a document-based invocation that is performed via the well-established communication interface (HTTP protocol and the request-response message exchange pattern) is sufficient to define an operational SOA. Such a SOA can be both simpler and sufficient for many practical applications. Representational State Transfer (REST) Web Services are based on the REST architectural style [ 6 ] that is designed around concepts such as Resource and URI. The interface among agents in REST is limited to the HTTP protocol that provides for both the transport layer and actions applicable to resources. REST web services normally employ XML to express messages and XML Schema as a vocabulary definition mechanism. However, since the infrastructure underlying REST web services is simple, it becomes rather straightforward to employ an ontology-based schema definition mechanism in REST web services. Another important feature of REST is that this style has been designed to fulfill requirements of the Web [ 9 ]. REST web services, therefore, gain many architectural properties of the Web which have already proven to be successful.

WSDL/SOAP web services require a significant infrastructure and have a high adoption barrier. On the other hand, REST web services require little infrastructure in addition to what is already provided by the Web, are fully compatible with the SOA constraints, can be easily made to employ an ontology-based schema definition languages and sufficient for many applications.

Despite the fact that REST web services are not the standard web services and less widely publicized, they are known in some cases to be preferred over WSDL/SOAP web services. For example, Amazon provides interfaces for both WSDL/SOAP and REST web services, and 85% of the usage is on the REST interface3.

Semantic Web Services The state-of-the-art approaches to Semantic Web Services [ 10 ] such as OWL-S and WSMF employ ontologies to provide semantically rich descriptions of WSDL/SOAP services. Such descriptions provide us with meta-data about a service and can be applied to automate web service-related tasks such as discovery, invocation, composition etc. The fact that a number of related but independent tasks are addressed within a single framework makes its application cumbersome if only some of these tasks are important for a given SOA.

From the SOA perspective, SWS define a relatively complex semantic connector element responsible for establishing a connection between a service and its consumer in a way that insures semantical compatibility of messages. The connector element can perform complex operations, however, the service still operates on semantics-free messages (SOAP RPC in most cases). This makes us to believe that the state-of-theart approaches to SWS do not address direct exchange of semantically rich messages between processing components in SOA. For example, if there is a web service designed 3 http://www.oreillynet.com/pub/wlg/3005 to operate over RDF [ 11 ] messages then the-state-of-the art SWS approaches are of little use here, and if the service is not a WSDL/SOAP-based one then there is even less possibilities to apply the existing SWS approaches. 4

We propose Onto-SOA – SOA that assumes a direct exchange of semantically rich messages between processing components. Onto-SOA is general meaning that it can be combined with any SOA-compatible architecture (WSDL/SOAP or REST) and with any ontology language. The style can be gradually refined into derivative styles that will support additional service-related activities.

We derive the Onto-SOA style from SOA by introducing an additional constraint on architectural data elements (messages): An ontology language must be used to express a schema underlying messages. This constraint explicitly addresses the semantical interoperability of messages. In Onto-SOA we assume that both a service and its consumer are aware about an ontology underlying messages.

Implementing an Onto-SOA with an Ontology Language To check whether the newly-derived Onto-SOA is compatible with an underlying SOA, we have to validate the introduced constraint against the general SOA requirement on schema extensibility.

In most of the modern applications of SOA, XML and XML Schema provide a unified syntax and vocabulary definition mechanism to messages. However, the XML Schema language addresses structural aspects only, leaving semantics of a defined vocabulary implicit. This leaves a problem of semantical interoperability among processing components unsolved but, on the other hand, does not restrict the flexibility in defining domain-specific vocabularies.

An ontology can provide a domain vocabulary, semantics of which is precisely defined in terms of ontological primitives of the underlying language. The ontology languages such as RDFS [ 11 ] and OWL [ 11 ] have fixed semantics and do not allow a user to extend it. The user is limited to model an application domain in terms provided by an ontology language. This means that the more restrictive an ontology language is – the less flexible an Onto-SOA based on this language becomes and, therefore, the more it diverges from the general requirements to SOA.

This allows us to conclude that in order to achieve the level of flexibility required by SOA, semantics of an ontology language must be extensible. However, at present, such languages are not available and we cannot foresee whether they will appear in future. If an extensible ontology language is unavailable then the least restrictive one (such as RDFS, for example) might provide a fair approximation.

In order to operationalize the introduced Onto-SOA, we have devised MoRe – a derivation of Onto-SOA (and a corresponding implementation) that combines the RDF/S languages with the elements of REST web services. MoRe has been applied to provide a number of services for the domain of units of measure captured in the UnitDim4 ontology. The services are employed within the Unit Converter tool [ 12 ]. 4 Rijgersberg, H., Top, J.: UnitDim: an ontology of physical units and quantities.

http://www.atoapps.nl/foodinformatics. Sec. News (2004)

We propose Onto-SOA – an Ontology-enabled Service-Oriented Architectural style that addresses a direct exchange of semantically-rich (ontology-based) messages between a service and its consumer. Onto-SOA is independent from a particular web service technology (WSDL/SOAP, for example) and, therefore, can be employed within any SOAcompatible architecture. Onto-SOA makes no assumptions about an ontology language employed as a schema definition mechanism. This enables us to combine Onto-SOA with any ontology languages.

In our future work we intend to further analyze the applicability of the modern ontology languages such as RDF/S and OWL within the proposed Onto-SOA style. Further applications the MoRe framework – an operational RDFS/HTTP derivation of Onto-SOA – within the e-Science domain will allow us to validate the main ideas behind Onto-SOA and to provide additional guidance to software and ontology developers in designing an ontology- and service-enabled architectures.

Engineering Authorization Services for the Service Oriented Architecture

Sarath Indrakanti Information and Networked Systems Security Research,

Department of Computing, Macquarie University,

Sydney, NSW, 2109, Australia

sindraka@ics.mq.edu.au Abstract. The service-oriented architecture (SOA) can be used to build new solutions leveraging services, to cleave together existing applications or to cleave apart existing applications. The SOA provides many benefits such as cost saving to organizations by increasing the speed of implementation of any application(s) required and reducing the expenditure on integration technologies. However, security is one of the main roadblocks for enterprises to delay development and deployment of their services. Although there are standards for providing confidentiality, integrity and message authentication for services, there is not yet a standard specification for authorization services for the SOA. We address this important gap in the area of security for the SOA. In particular, we will propose an authorization policy language as well as an authorization framework for the SOA. 1

Background The SOA is an architectural style and its aim is to achieve loose coupling among interacting distributed software systems. The SOA can be defined as a way of designing and implementing enterprise applications that deals with the intercommunication of loosely coupled, coarse grained, reusable artifacts (services). The SOA is made up of independent services interconnected via messaging. Platform independent service interfaces are defined to invoke these services. The SOA consists of service providers and service consumers. Service providers define what the service looks like and how to invoke it through an implementation independent service interface. Service consumers use this interface to invoke the service. The SOA also provides discovery mechanism to act as an intermediary. Service providers publish their service interface using the discovery mechanism for consumers to find and invoke the service.

There are three broad categories of service use. 1) To build new solutions with services. Services enable enterprises to have independent pieces within applications that can be developed and maintained independently and also to scaleout. 2) To cleave together existing applications. Services enable connectivity Business-to-Business (B2B) and Enterprise Application Integration (EAI). Services also let us formulate business processes to enable workflows across heterogeneous environments in turn letting us tap in to the IT infrastructure, and 3) To cleave apart existing applications. Use cases of the SOA include Supply Chain Management, Customer Relationship Management (CRM), Enterprise Application Integration (EAI), Enterprise Resource Planning (ERP), and Portal Web Sites amongst others. The SOA enables cost saving by increasing the speed of implementation of any application(s) required and reducing the expenditure on integration technologies. The SOA provides enterprise agility, to quickly respond to rapidly changing market needs and business requirements by quickly building new applications and quickly updating old applications. 2

Securing the SOA In general, security for the SOA is a broad and complex area covering a range of technologies. At present, there are several efforts underway that are striving to provide security services such as authentication between participating entities, confidentiality and integrity of communications. A variety of existing technologies can contribute to this area such as TLS/SSL and IPSec. There are also related security functionalities such as XML Signature and XML Encryption and their natural extensions to integrate these security features into technologies such as SOAP and WSDL.

The WS-Security specification describes enhancements to SOAP messaging to provide message integrity, confidentiality and authentication. There is also work on XKMS defining interfaces to key management and trust services based on SOAP and WSDL. However, while there is a large amount of work on general access control and more recently on distributed systems authorization, research in the area of authorization for Web services is still at an early stage. There is not yet a specification or a standard for Web services authorization. There are attempts by different research groups to define authorization frameworks [ 1 ] and authorization policy specification mechanisms [ 2 ] for Web services. Currently most Web service based applications, having gone through the authentication process, make authorization decisions using application specific access control functions that results in the practice of frequently re-inventing the wheel. This motivated us to have a closer look at authorization service requirements for the SOA. We will first address the area of design of an authorization policy language for the SOA. Then we will propose an authorization framework for the SOA. Finally, we will demonstrate these authorization services using a case study in the health care domain. 3

Authorization Policy Language for the SOA [ 3 ] Languages have long been recognized in computing as ideal vehicles for dealing with expression and structuring of complex and dynamic relationships. Over the recent years, a language-based approach to specifying access control policies has (rightly) gained prominence, which is helpful for not only supporting a range of access control policies but also in separating out the policy representation from policy enforcement. One standard authorization policy language defined for the SOA can replace dozens of application-specific languages. Administrators save time and money because they are not required to rewrite their policies in many different languages. Developers save time and money because they need not invent new policy languages and write code to support them. They can reuse existing code. If one policy language specification is standardized, good tools for writing and managing policies for that language will emerge. Policy languages in which one can specify policies using XML have an advantage over other languages such as Ponder, as Web services based applications using the language can leverage on the benefits of XML such as inter-operability over multiple platforms in a heterogeneous environment. A policy language based on XML technology with its own namespaces and schemas is necessary in a heterogeneous environment of Web services. Also if an XML based policy language is used, standard specifications such as XML Encryption and XML Signature can be leveraged to secure and sign those policies where required. Such a policy languages policies can be specified and referred to by any service based application whether it is running on a Java based platform or the .NET platform. When designing the authorization policy language, we took into consideration the support for a range of authorization policies such as the dynamic separation of duty policy, that are likely to be required for services deployed in a commercial environment.

In particular, we will discuss the following in the dissertation: (a) Survey of authorization policy languages for distributed systems, (b) Analysis of the authorization policy language used by .NET MyServices [ 4 ], (c) Extensions to the authorization policy language used by .NET MyServices, (d) Design of XMLbased authorization policy language for the SOA, (e) Design of standard APIs to the policy language and the policy engine, and (f) Implementation of the policy language and the policy evaluation engine leveraging existing XACL policy language and engine. 4

Survey and Analysis of Authorization Frameworks[ 5 ] We have carried out a comprehensive survey of existing authorization models both for traditional distributed systems as well as authorization models built for different layers of the SOA.

We will discuss the following in this section: (a) Survey and analysis of authorization frameworks built for stand-alone systems, (b) Survey and analysis of authorization frameworks built for distributed systems, and (c) Survey and analysis of authorization frameworks built for the SOA. 5

Authorization Framework Design Requirements [ 6 ] We will then lay out the design requirements for authorization services built for different layers of the SOA. Broadly speaking, the SOA comprises of Web services and business workflows built using Web services. These workflows are called business processes. Figure 1 shows the layers comprising the SOA.

Authorization requirements differ for the Web services and business processes layers of the SOA. Authorization services for the Web services layer have special design requirements as Web services present a complex layered system. For instance, a service may be a front-end to an enterprise system and the enterprise system may access information stored in databases and files. Web services may be used by enterprises to expose the functionality of legacy applications to users in a heterogeneous environment. Or new business applications could be written to leverage benefits offered by Web services. This means an authorization architecture for Web services must support multiple models of access control. This enables legacy applications to use the access control models they have already been using as well as new Web services applications to use new models of access control or other well-known models of access control such as role-based access control (RBAC). An authorization architecture for the business process layer of the SOA must provide orchestration services to coordinate the authorization decisions from individual partners authorization policy evaluators. Each partner must be allowed to control its own authorization policies and also not require disclosing them to the entire workflow or to the workflow engine. Even in cases where the binding to actual end-points of partner services happens dynamically at runtime, the authorization architecture must be able to orchestrate the partners authorization policy evaluators and arrive at an authorization decision. Currently existing authorization frameworks are either designed for the Web services layer [ 1 ] or the business process layer [ 7 ] of the SOA. There is no unified model available that provides a comprehensive design of an authorization framework that provides authorization support to both Web services and business processes comprising the SOA. 6

Authorization Framework for the SOA We will propose a unified authorization framework for the SOA. The framework will provide two separate architectures (indicated by the light grey colored boxes in Figure 1) that extend the security layers of Web services (WSAA) and business processes (BPAA). The BPAA relies on the features provided by the WSAA. In particular, we will discuss the following: 6.1

Web Services Authorization Architecture (WSAA) [ 8 ] (a) Design of the authorization administration and runtime APIs. The administration API is useful to group together a set of related Web services into collections to efficiently manage their authorization related information such as what privileges are required to be sent by a client before invoking a Web service. The runtime API is useful to invoke the necessary authorization components and receive an authorization decision, (b) Implementation of the authorization architecture APIs within the .NET framework, and (c) Benefits of the proposed architecture.

Business Processes Authorization Architecture (BPAA) (a) Design of the authorization administration and runtime APIs. The administration API is useful to define a business process and mange its authorization related information. The runtime API is useful to invoke the necessary authorization components and receive an authorization decision, (b) Implementation of the authorization architecture APIs within the .NET framework, and (c) Benefits of the proposed architecture.

Extensions to Other Layers of the SOA We will also describe our extensions to the Web services description and messaging layers to support the authorization frameworks for Web services and business processes (indicated by the dark grey colored boxes in Figure 1). Extensions to the description layer are required to make prospective clients aware of what authorization privileges are required to invoke a Web service or a business process. Extensions to the messaging layer are required to carry authorization related privileges, for instance, in the form of credentials. 7

Demonstration of Authorization Services in a Health Care Application We will demonstrate the proposed authorization services the policy language and the authorization framework for the SOA using a case study in the health care domain. In particular, we will discuss the following:

(a) Demonstration of the proposed policy language and policy engine features, (b) Demonstration of the authorization services provided by WSAA and BPAA, and (c) Demonstration of the proposed extensions to the service description and messaging layers.

Conclusion The service-oriented architecture (SOA) can be used to build new solutions leveraging services, to cleave together existing applications or to cleave apart existing applications. The SOA provides many benefits such as cost saving to organizations by increasing the speed of implementation of any application(s) required and reducing the expenditure on integration technologies. However, security is one of the main roadblocks for enterprises to delay development and deployment of their services. Although there are standards for providing confidentiality, integrity and message authentication for services, there is not yet a standard specification for authorization. We will address this gap in the area of security for the SOA. In the dissertation, we will first address the area of authorization policies and describe our proposal of an XML-based authorization policy language and its evaluation engine for the SOA. Then we will discuss the authorization framework requirements for the SOA. They differ for the Web services and business processes layers comprising the SOA. We highlighted the major differences in this paper. In particular, we will describe two separate authorization architectures designed using the requirements we laid out after carrying a comprehensive survey of authorization models built for stand-alone and distributed systems as well as for the SOA. Finally, we will demonstrate the authorization policy language and the authorization framework for the SOA using a case study in the health care domain.

Web Services Software Architecture

Syahrul Fahmy School of Informatics, The University of Manchester, PO Box 88, Manchester M60 1QD, United Kingdom

S.Abdul-wahab@postgrad.manchester.ac.uk Abstract. Web services have received widespread attention and acceptance in the software engineering community. Automatic composition of services, to meet user’s requirements, is a powerful mechanism to ensure satisfaction of varied needs and thus enable the vision of Web services. Although Web services are equipped with the fundamental concepts and supporting technologies, the architectural style of the composite service composed from Web services is fixed by the prescriptions of the Service Oriented Architecture, and does not provide the level of flexibility stipulated by alternative service-based approaches such as the Service-Based Software vision. To enable the composition of Web services using alternative architectural styles, the author proposes that software architecture be included as a parameter in the composition process. This is enabled by the use of the Alfa framework to model the desired architectural style, and the use of this information to support service discovery. 1 Introduction Web services are configurable software services that use open standards and protocols to connect and integrate distributed components for creating and managing computer applications. Web services have been becoming a major software trend because they provide means for integrating data sources and data transfer between applications. Web services share business logic, data and processes through a programmatic interface across a network. In order for web services to be operational, interoperability of applications over intra/internet is necessary. This interoperability requires a technology that is independent of hardware, operating system, and software specific technologies. As such, specific standards are used to address these interoperability issues that consist of XML to define structured data, SOAP as a messaging protocol, WSDL to define interfaces, and UDDI as a registry to publish available services.

There are two approaches an organization can adopt to take advantage of Web services namely the Service Oriented Architecture (SOA) and the Service-Based Software (SBS) approaches. In the SOA approach, a fixed architecture is presumed for service composition. Little flexibility, if any, is available to the service provider in determining how the service should be composed. The author argues that the service provider should be given more flexibility and ‘authority’ in service composition. In the SBS approach, the service provider is given this flexibility by means of a flexible – Protocol algebra and protocol management operators. A distinctive feature of our approach lies in the definition of operators to query, analyze, and transform protocols. Such operators are the key to carry out most of the features described above. – Protocols adapters and code generation. Theses two issues are part of the ServiceMozaic platform but won’t be further detailed in this paper. Briefly, adapters [ 2 ] can be created when compatibility (resp. replace-ability) analysis between two protocols reveals that there exist some mismatches that make them not fully compatible (resp. replaceable). Adapters allow to enhance the compatibility / replace-ability level in such situations. 3

State of the art Tools supporting web services development today are mainly concerned with interoperability issues at the lower levels of the web services stack, like the mappings from WSDL descriptions to Java/C# source code and vice-versa, making two SOAP-based systems talk to each other. Similarly, the existing standards in the higher-level services descriptions such as BPEL4WS, WSCI or WSCL proved to be more concerned with implementation aspects than enabling the kind of formal analysis that we envision. Indeed, the importance of formal analysis of web services protocols in terms of automated support for services interoperability at the business protocol level has been discussed in recent papers: [ 1, 3–5 ]. Several efforts recognize aspects of protocol specification in component-based models [ 6, 7 ]. They provide models (e.g., pi-calculus based languages for component interface specifications) and algorithms (e.g., compatibility checking) that can be generalized for use in web services protocol specifications and management. Indeed, various efforts in the general area of formalizing web services description and composition languages emerged recently [ 5, 8 ]. However, in terms of managing the web services development life-cycle, technology is still in the early stages. Consistency analysis should have some interesting links with existing software engineering techniques such as refactoring [ 9 ].

Our approach, based on a protocol algebra and protocol operators is novel in the field. Specifically, it should be more fine-grained than the approaches mentioned above when doing compatibility and replace-ability analysis. We believe that to some extent, the development of a protocol algebra for formal services descriptions analysis implemented inside a larger CASE tool, based on the identification of abstractions needed by practitioners [ 10 ], can have the same impact that relational algebra had for relational databases. 4

Web services protocols modeling and analysis

A model extended with temporal constraints Our model is based on the web services business protocol proposed in [ 10, 1 ], which is built upon the traditional state machine formalism to represent messages choreography constraints. States represent the different phases that a service may go through during its interaction with a requester to the provider and vice-versa. A message corresponds to the invocation of a service operation or to its reply. Hence, each state identifies a set of outgoing transitions, and therefore a set of possible messages that can be sent or received. Each transition is labeled with a message name followed by the message polarity, that is, whether the message is incoming or outgoing. The protocols are deterministic, that is to say, they have one initial state and, each state cannot provide more than one outgoing transition labeled with the same message. The model also supports the notion of final states, which correspond to the end of a successful conversation, in the sense that the messages exchanges between the provider and the requester is over on both sides. Briefly, the reason for using state machines as the basis for the model is because it is familiar to users, it is suitable to described reactive behaviors, and the notion of states is useful to perform services execution monitoring.

We have extended the model (called timed web service business protocol) to cater for temporal abstractions in [ 11, 12 ]. Transitions can become timed transitions when carrying temporal constraints. We identified two kinds of timed transitions. The first one (which we called C-Invoke constraints ) relates to a time window during which the related operation can be triggered explicitly by either the provider or the requester. The other kind of transition that we identified corresponds to timed implicit transitions that can automatically occur once a certain date and time has been reached. We called this type of constraints M-Invoke . A proper discussion on the formal semantics of the model would require too much space to fit in this paper, but we can recall that they are based on the notion of timed execution traces, inspired by timed automata [ 13 ]. 4.2

Temporal compatibility and replace-ability analysis Reactive systems have been widely studied, notably to the benefit of software and hardware verification. For analysis purposes, two formal frameworks are of interest. The first one is the temporal logics theory [ 14 ]. It allows for expressing complex requirements expressed as formulas that have to be satisfied on reactive systems modeled as automata. For example, a complex safety property (”the event will never happen”) or a liveness property (”the event will happen”) can be described within this framework. It appears that we won’t need temporal logics and their timed extensions (such as [ 15 ]) as we need to define simple timed constraints. The other framework is the timed automaton [ 13 ] which provides a lot of interesting automata classes, notably the event-recording automaton that has some valuable decidability and complexity properties on verification techniques. We have developed mappings from/to timed web services business protocols that are useful from a formal point of view. However, we try not to use straight the existing timed automata verification techniques which have been developed with the general cases in mind and are thus more demanding than the ad-hoc algorithms that we can develop for timed protocols. What’s more, traditional verification techniques lack the identification of partial compatibility and replace-ability, which is an important contribution of this work. We have defined classes to identify different levels of compatibility and replace-ability, as well as operators that can be applied to protocols definitions to assess the level of compatibility and replace-ability. These classes can be characterized by using and combining 3 operators (the timed compatible composition, the timed intersection and the timed difference), for which we have a more detailed definition as well as polynomial-time algorithms in [ 11 ]. We introduce the compatibility and replace-ability classes below. After one year of work, we have proposed an extension of the web services business protocols model proposed in [ 1 ] to cater with temporal abstractions in [ 12, 11 ]. We proposed a novel approach by characterizing the temporal compatibility and replaceability classes by using protocols operators for which we have efficient algorithms. We also have a link to the timed automata [ 13 ] theory that allows us to assess from a formal point of view that it has interesting properties. The implementation of the web services business protocol model has been done and will be soon extended with temporal abstractions. We have also implemented an editor for protocols in the ServiceMozaic platform as a GEF-based Eclipse plug-in 2.

Future work includes focusing on the third kind of protocols-based analysis: consistency analysis. We will also need to take into account multi-protocols choreography 2 See http://www.eclipse.org/ and http://www.eclipse.org/gef/. analysis (the current work is focused on the analysis between a service provider and a requester). Finally, other useful abstractions such as transactional properties will provide another promising area of investigation.

Web Service Discovery with Implicit QoS Filtering

Natallia Kokash DIT - University of Trento, Via Sommarive, 14, 38050 Trento, Italy

email: natallia.kokash@dit.unitn.it Abstract. Web Service (WS) discovery is a critical problem hindering web service technology proliferation. The current solution, based on catalog-style browsing, provides no control over the quality of registered services. Application of matching techniques for WS retrieval is still under investigation. The objective of this work is the design of a framework to improve WS discovery. Our approach is based on application of distributed recommendation system to provide Quality of Service (QoS) information and on testing of retrieval methods on service specifications. 1 WS paradigm is a promising model of software technology, based on loosely coupled, distributed and independent services operating via the web infrastructure. To overcome platform and language dependence, services are described using Web Service Description Language (WSDL). Standardized XML-based interfaces help performing service reuse. Service descriptions are cataloged in Universal Discovery, Description and Integration (UDDI) registries. Although there exists a stack of standards to regulate the communication of processes and automated tools to convert legacy applications into web services, WS technology is still not widely used. One of the reasons is the lack of means to support WS discovery, i.e., the identification of existing WSs that can be used by new web applications. This problem is rather extensive and admits various interpretations [ 4 ]. Under automated discovery, a requester agent performs service search and evaluates the results. Currently UDDI registries are the dominating technological basis for WS discovery. They allow business compliance and reuse, and in perspective they could provide control over data and facilitate WS lifecycle management. But existing registries are still small and mostly private, there is no control over provided information, qualitative characteristics of WS and ability of quality-based retrieval. The discovery supported by UDDI API is inaccurate as services retrieved may be inadequate due to low precision and low recall. Such mentioned disadvantages determine our objective: we propose a framework for efficient WS discovery that provides clients with QoS information and reduces the probability of failure by analyzing statistics of previous service invocations.

The rest of the paper is organized as follows. In Section 2, we discuss different aspects of the problem and present the existing work relevant for our research. Section 3 describes our approach. In Section 4, we draw some conclusions and outline future work. 2 We can judge how well a web service satisfies a client’s goal using various types of matching. Signature matching considers only function types without regarding their behavior. Specification matching is a way to compare two software components, based on descriptions of their behaviors. Components can be compared with various degrees of accuracy (exact and relaxed matching). However, this approach requires formal pre/postcondition specifications. Hausmann et al. [ 5 ] examine the application of such methods for WS discovery. WS matching is related to the automatic schema matching which is a basic problem in many application domains like data integration or semantic query processing. Rahm et al. [ 13 ] provide a good survey in this area. In syntactic matching we look for the similarities into data using syntax driven techniques. In semantic matching the key intuition is the mapping of meanings. For example, surname, family name, cognomen and last name represent the same concept. One of the relevant proposals in the field of WS discovery is to use an extension of UDDI that contains WSDL specifications [ 7 ]. In this way, dynamic retrieval through common terminology and shared meaning is enabled. WSDL does not provide any special semantic specifications but it contains the <documentation> element with service documentation and elements with natural language descriptions of operations and data types. Identifiers of messages, operations and data types are meaningful, and XML syntax allows to capture the domain specific relations. Semantic Web services, i.e., web services empowered with formal ontologies [ 16 ], revealed new perspectives in service automatic discovery, composition and execution monitoring (e.g., [ 10 ]). Since this solution is based on predefined ontologies, it is not flexible and contradicts the dynamic nature of web-based interaction.

From the WS discovery perspective, the major criterion of WS retrieval system evaluation is the relevance of found services with respect to the end user. The most popular quality evaluation measures of Information Retrieval (IR) engines are precision (a measure of the usefulness) and recall (a measure of the completeness). They have a fixed range and are easy to compare across different queries and engines, but they do not account for the quality of ranking. For a machine learning algorithm we need an effective single number measure. An average precision that combines precision, relevance ranking, and overall recall is an ideal measure for our task where good ranking is extremely relevant due to invocation cost of the services.

Assuring the WS quality is an especially critical task since we do not know service exact specifications, developing and testing methodologies. An invocation of a troublesome service can affect all the system. A potential client should be aware of the service behavior before he/she/it starts to exploit it. Among the basic QoS factors are service performance (throughput, response time, latency, transaction time), availability, accessibility, reliability, scalability, exception handling, execution cost, reputation, regulatory, accuracy, integrity, interoperability, security (authentication, authorization, confidentiality, traceability, data encryption, non-repudiation), privacy, network-based factors (network delay, delay variation, packet loss), etc. [ 12 ]. Service reputation is an especially interesting property from this list. Kalepu et al. [ 8 ] address the problem of subjective perception of reputation due to the lack of performance history. Our proposed solution allows to infer WS rankings from pure statistical data about service invocations based on particular criteria for each client.

An important issue is the way in which a client asks for a service. Currently used by UDDI API keyword-based queries are easy to express but obviously not sufficient. Using WSDL specifications as a query appears more promising. In the case when a client wants to substitute one web service with another without affecting the observable behavior of the system, he/she does not need to write a request. But in general, WSDL specification is redundant and does not contain QoS requirements. Ran [ 12 ] suggests SOAP-based requests. In the requirements for WS discovery competitions [ 2 ] requests are described in XML format. A similar style can be used to express client’s preferences about QoS characteristics and testing samples.

In IR approaches to WS discovery a query consists of keywords, which are matched against the stored descriptions in the UDDI. The Boolean model suffered from either lots or very few returned results. Traditional models like Vectorspace model seem to be quite effective. Latent Semantic Indexing (LSI), the prevailing method for small document collections, was applied on the UDDI to capture the semantic associations between services [ 14 ]. A suite of algorithms for similarity assessment between two WSDL descriptions were developed [ 15 ]. They are based on IR and component matching methods. The WordNet database is applied for semantic analysis of service documentation. According to those experimental results, the methods are neither precise nor robust. Dong et al. [ 3 ] describe an approach based on term associations analysis. In [ 6 ], WS discovery and composition based on syntactic matching is suggested. Authors propose to build indexes on operations and part names to speed up the matching process. Oh et al. [ 11 ] describe the transformation of WS discovery and composition issues into a graph search problem. Web services are compared depending on syntactic matching of input and output parameters whereas data types are ignored.

Retrieval is successful when the information need is satisfied. Therefore, we need to be provided with the user’s judgement of the relevance of the found data. Maximillien et al. [ 9 ] describe an agent-based system where agents act as proxies to collect information and build a reputation of semantic web services. In [ 17 ] trust management mechanism is added to evaluate the credibility of the user reports when predicting service quality. By nature, most of us are not inclined to give feedback. The solution is suggested by a recommendation system that uses implicit feedback from the user by means of analyzing his/her behavior. Birukov et al. [ 1 ] present such a system to produce recommendations for web search. In our task, agents can control actions like user search requests, test invocations of web services, bindings, successful service responses or failures, etc.

A Framework for WS Discovery

In Fig. 1 a basic architecture of our proposed framework is presented. Each client or group of local clients with similar preferences has a dedicated agent which task is to process all activities pertaining to web services (communication with registries, bindings, requests, responses). The personal agent accepts a request from its client (human or application), redirects the description of the goal to the matching agent which manages the registry. The matching agent searches for the services that can conceivably satisfy the client’s goal. It keeps history of requests, and provides the requester with the information about the agents that searched for the similar services before. Given a list of previous clients, that is the last k agents to which the matching agent recommended the service, the personal agent can ask them for recommendations. Then two scenarios are possible: a first one, in which the agents that invoked the services provide the requester with their own rankings, and an alternative one, in which they render to it parts of their own history leaving to the requester the task of processing it. The latter approach tries to overcome the problem of specific client’s preferences that cannot be provided by external QoS evaluation systems. The personal agent can ask first the agents that gave useful statistics before, and only if they do not have necessary information, to apply more extensive interrogation. An open issue is preventing malfeasant agents from affecting the service reputation. If web services use mediators that collect statistics about all their invocations, the personal agent may have more reliable data by comparing parameters provided by agents and the service mediator. Another advantage is that centralized data is more convenient for evaluation of such QoS factors as availability, reliability, capacity, robustness.

The matching agent provides the personal agent with the matching score of its request and returned web services. If this score is low, the relevance of the services is dubious and alternative approaches are needed to check if they correspond with the client’s request. Recording of invocation inputs and outputs can help to test the service before usage by new clients. A client sends testing samples to his/her/its agent, and the agent checks if they are among the data it has. If it is so we may strongly believe that the service fits the client’s goal and will work properly. But this approach conflicts with security and privacy issues, and may be time and space consuming.

The personal agent ranks the web services by combining the scores of matching, recommendations and tests (if they were provided). Before service invocation it asks the client for confirmation. Finally, the best-fit web service is invoked, QoS parameters are measured, and the results are saved. Then, the agent can ask its user if it should always invoke this service for the same query. Such an explicit user feedback can be used to reconstruct the trust policy to other agents or rating algorithm but it is not necessary. If a user keeps invoking a web service, he/she is likely to be satisfied with the service provided. Therefore, repeated usage should have a high weight for QoS evaluation. 4

Conclusions and Future Work In this paper we have presented a new WS discovery approach. Some subproblems, namely service matching methods, discovery system evaluation and request formats have been discussed. We have proposed a framework for WS selection based on QoS properties collected implicitly by a distributed agent-based system.

We intend to apply the recommendation system presented in [ 1 ] for WS discovery. To achieve our goal we need to implement a matching algorithm, and enrich the current functionality of agents with the ability to mediate WS invocations and measure QoS factors. A flexible ranking policy and learning algorithms for agents are also planned as part of our future work.

In [ 15 ] pairs of web services are compared by matching their data types, messages and operations. With respect to these approaches we are going to build indexes for provided operations, use semantic matching to eliminate the mismatched operations and apply relaxed structure matching for the filtered subset. We are planning to elaborate the results by trying alternative IR models (LSI, Probabilistic Models, etc.) on WSDL specifications. Another interesting point is that the matching agent can learn from experience. It can match each new query across services and across previous requests to them as well.

Our architecture is similar to [ 9 ] in a sense that agents control overall communication process between clients and each web service. Several problems are stated in the paper that are also relevant for our task. Among them is the risk tolerance of the user: the invocation of a new service matching the client’s goal could be regarded as higher risk than a more mature one. Another issue is that several complementary web services can be found to satisfy the goal. Our current work does not aim at tackling the problem of WS composition but potentially some state-of-the-art approaches can be exploited in order to increase system recall by considering composite services. An application of recommendation system for web services spawns a good number of interesting issues, typical for recommendation systems and novel as well. One of them is a new-system coldstart problem, when there are no user ratings of web services (monitored service invocations). In this case, the initial recommendation can be constructed using Google’s rating of the provider. For a new-service cold-start problem agents’ ratings of the services by the same provider can be used.

Ganna Frankova DIT - University of Trento, Via Sommarive, 14, 38050 Povo-Trento, Italy email: ganna.frankova@dit.unitn.it Abstract. The critical issue of web services success is the ability to compose web services in order to build complex added-value services. In web service compositions both functional and non functional properties, i.e. quality of service, should be taken into account. The quality of service in web service compositions plays a vital role and has opened a wide spectrum of challenges. We survey and analyze various approaches for modelling web service quality composition. Also we overview some ideas of service selection according to the surveyed models. From the analysis it turns out that there are many open issues in the web service quality composition area. 1 One of the most thought provoking issues in web services (WS) is that of automatic composing services in order to build complex added-value services. In particular, the quality of service (QoS) compositions plays a vital role and has opened a wide spectrum of challenges.

Nowadays the attention is on quality driven web service discovery [ 19 ] and efficient composing [ 5 ]. The research is well under way, and most of the focus is on “higher level” issues, i.e., selection and composition. On the one hand, it is important, on the other hand, there is not enough “background”, i.e., models for QoS of WS composition are far from ideal ones.

In this paper, we survey and analyze various approaches for modelling web service quality composition. Some ideas of service selection according to the models are presented. From the analysis it turns out that there are many open issues in the quality of web service composition area.

The reminder of the paper is organized as follows. Section 2 discusses related work. Section 3 is devoted to the comparison of the various approaches to WS quality composition modelling with respect to the proposed requirements. Some open issues and concluding remarks are presented in Section 4. 2

Approaches for WS Quality Composition Modelling Web service QoS issues are gaining attention and have been addressed in a number of recent works. Some approaches are based on the extension of the Web Service Description Language (WSDL) [ 7 ] to define not only functional, but also non-functional properties of the service, e.g., [ 11 ]. The problem with this kind of approach is that the QoS definition is tied to the individual operation, rather than to the service as a whole; furthermore, there issue of run-time support is not addressed.

In [ 20 ], the authors define QoS for WS by using XML schemas that both service consumers and providers apply to define the agreed QoS parameters. The approach allows for the dynamic selection of WS depending on various QoS requirements. On the negative side, the life-cycle of agreements is not taken into account, and it is not possible to define an expiration for a negotiation.

In [ 8 ], the Agreement-Based Open Grid Service Management (OGSI-A) model is presented. Its aim is to integrate Grid technologies with Web Service mechanisms and to dynamically manage negotiable applications and services using WS-Agreement. Recently proposed Web Services Agreement Specification [ 4 ] defines the interaction between a service provider and a consumer, and a protocol for creating an agreement using agreement templates. A formal definition of what the semantics of a QoS negotiation is and an extension to make agreements more robust and long-lived are proposed in [ 2 ].

The feasibility of using constraint programming to improve the automation of web services procurement is shown in [ 15 ]. A predictive QoS model for workflows involving QoS properties is proposed in [ 6 ]. In [ 9 ], the authors propose a model and architecture to let the consumer rate the qualities of a service. Various approaches and contemporary standards for managing web services can be found in [ 17 ]. In addition, the industry has proposed a number of standards to address the issue of QoS: IBM Web Service Level Agreement (WSLA) and HP’s Web Service Management Language (WSML) are examples of languages used to describe quality metrics of services [ 13 ].

An overview of several of the proposals for web service quality composition modelling follows. For all these approaches we present a realistic car loan example that involves getting a loan and buying a car. We assume that standardized web services interfaces for getting a loan and buying a car already exist. Some ideas of service selection according to the models are also presented.

Continuous-time Markov chains solution. The approach of estimation execution time and cost of a workflow based on continuous-time Markov chains is proposed in [ 12 ]. Applying the approach to the running example we take execution cost into account. In order to introduce a simple QoS model, each activity whose start and end is signaled by a service is assigned an execution cost. The cost incurs when the activity is started. Therefore, each transition is labeled with the sum of the costs of all activities which are active in the destination node but not in the source node.

Quality Vector solution. Description of elementary service quality as a quality vector is proposed in [ 21 ], a similar solution can be found in [ 1 ]. Each component of the vector is a quality criterion for the service. The authors propose to compute quality criteria for composite services by using special aggregation functions.

Applying the approach to the car loan example, a quality vector can be defined as q(s)=(qprice(s), qduration(s)), where qprice(s) is price of the service execution; qduration(s) is the expected delay in seconds between the request to the service s sending and the result receiving. The quality vector of a composite service’s execution plan p is the following: Q(p)=(Qprice(p), Qduration(p)), where Qprice(p) = PiN=1 qprice(si); Qduration(p)=CPA1(qduration(s1), ..., qduration(sN )); N is a number of states in the execution path.

Selection of optimal component services of a composite service can be done with a global planning approach. Furthermore service selection can be formulated as an optimization problem which is solved using linear programming.

Agent-oriented solution. The use of the agent-oriented methodology Tropos to model a wide spectrum of quality of web services properties is proposed in [ 3 ]. To model a quality composition of our running example web services, the whole set of interacting services is represented as a multi-agent system.

Ontology-based solution. E.M. Maximilien and M.P. Singh proposed an ontology-based framework for dynamic web services selection [ 16 ]. The model consists of two-layers: service ontology and QoS ontology. The services ontology relates services to QoS whereas the QoS ontology leads to the quality concepts. The QoS ontology is divided into three ontologies: upper, middle, and lower. QoS upper ontology includes the basic characteristics of all qualities and the main concepts associated with them, e.g., quality measurement and relationships. QoS middle ontology specifies domain-independent quality concepts, e.g., availability, performance, reliability, security. QoS lower ontology is a domain-specific ontology that typically completes the middle one.

Figure 1 shows the application of the approach to the running example. Both for TakeLoan and for BuyCar services service and QoS ontology are presented. 1 Critical Path Algorithm [ 18 ] The TakeLoan QoS ontology contains the concepts of Interest Rate, similarly the BuyCar QoS ontology includes the domain specific concept Price. Both domains use concepts of execution price and execution duration depicted in the middle ontology section.

Dynamic service selection calls for an agent-based solution. Using QoS ontology, service agents match advertised quality levels for the consumers with specific QoS preferences. 3

Discussion Now we can compare the various approaches for WS quality composition modelling with respect to the requirements derived from our exploration of the approaches we surveyed. The table in Figure 2 summarizes the results. The approaches are presented in the columns while the rows show the requirements.

Objective QoS Subjective QoS Run-time support QoS assignment

Requirements considering level

Markov Chains Quality Vector Agent-oriented Ontology-based √ √ √ √ √ Low Average

High

Fig. 2. Comparing approaches for WS quality composition modelling Objective and Subjective QoS. QoS can be objective, such as reliability, availability, and request-to-response time, or subjective, i.e., focusing on user experience [ 16 ]. Objective qualities are taken into account in all approaches, while only ontology-based systems focuses on both types of QoS.

Run-time support. According to the fact that some QoS metrics such as response time can change at run-time and a single value is not appropriate, approaches for WS quality composition modelling should have a run-time support infrastructure. Markov chains- and agents-based approaches provide run-time support.

QoS assignment to composite service. When quality constraints and preferences are assigned to composite services rather than to component services it is easy to reuse the composed service, i.e., use it in another quality driven composition. The table in Figure 2 shows that quality vector-based and agentoriented solutions allow to assign QoS to composite service.

Quality Requirements. QoS Requirements for Web Services [ 10, 14 ] include performance, reliability, scalability, capacity, robustness, exception handling, accuracy, integrity, accessibility, availability, interoperability, security, regulatory, and network-related QoS requirements. Analyzing the approaches one notes that not all of the requirements are met. Specifically, execution price and time are estimated in [ 12 ]. While [ 21 ] considers execution price, execution duration, reliability, availability and reputation, and [ 1 ] focuses on four quality dimensions, i.e., execution cost, execution time, reliability, and availability. Ontologyand agent-based solutions theoretically deal with on all QoS requirements.

Summarizing, an analysis of the table shows that current QoS models of WS composition are far from ideal, and a number of open challenges exists. In this paper we have presented a survey and analysis of various approaches for modelling web service quality composition. Web service quality composition approaches range from industry standards to more abstract models. An ideal approach should satisfy the identified requirements, but so far there is not an approach fulfilling all requirements.

The survey has highlighted that there is a lot of space for further investigation and innovative research. In particular, web services are widely-used in e-commerce, an area required achieving high level of security. But there is no solution to model security properties of composed services. Further investigation should be devoted to solving security quality integration, as well as run-time support issues. Mathematical modelling approaches, and graph-based solutions are promising fields to look for solutions to this problem, as well as optimization techniques. The author will focus on solving the web service security composition problem by applying optimization techniques.

Acknowledgments The author thanks Marco Aiello and Fabio Massacci for discussions and assistance in the presented work.

Extending OWL for QoS-based Web Service Description and Discovery

Kyriakos Kritikos University of Crete, Heraklion, Greece,

kritikos@csd.uoc.gr 1

Main Theme of Thesis Web Services (WSs) are modular, self-describing, loosely-coupled, platform and programming language-agnostic software applications that can be advertised, located and used across the Internet. They are viewed as one of the promising technologies that could help business entities to automate their operations on the web on a large scale by automatic discovery and consumption of services. Based on the above reasons, the WS paradigm is being adopted by many companies and individuals and many WSs are being deployed and running.

However, as all of these WSs are advertised in a UDDI-based repository, an unavoidable fact as UDDI is a de-facto standard, the problem of discovering them based on a requester’s functional needs becomes crucial. UDDI uses a syntaxbased approach for WS description leading to purely syntactic discovery efforts returning imprecise and inaccurate results. OWL-S [OWL-S Coalition 2003] and similar joint Semantic Web and WS efforts solve the problem of syntactic WS description by using ontologies for describing WSs. Ontologies provide meaning to concepts and relationships between them, leading to semantic WS Discovery algorithms, which provide more precise and accurate results.

But even if all the advertised WSs satisfying a requester’s functional needs are returned, many results may be produced. So a non-functional concept is needed that will differentiate between the functionally equivalent WS advertisements. This concept is quality of service (QoS). QoS is closely related with the performance of a WS as well as with other features of a WS that bear on its ability to satisfy stated or implied needs. Therefore it has a substantial impact on users’ expectations from a service. Thus WS descriptions must be enhanced with QoS descriptions. Additionally, WS discovery algorithms should perform QoS-based matchmaking and selection in order to produce fewer ranked results.

Unfortunately, all the current research efforts fail in correctly describing QoS for WSs. Semantics seems to be missing from the QoS description of a WS leading to purely syntactic QoS-based WS matchmaking and selection algorithms. But even if semantics is introduced, QoS description is not rich enough and not quite extensible. So the main issue of this PhD thesis is the rich, extensible, and semantic description of QoS for WSs. Additionally, new QoS-based WS matchmaking and selection algorithms must be devised or the current best should be extended in order to take advantage of this enhanced semantic QoS description.

Motivation for Research After reviewing several definitions for QoS for WSs, we consider QoS for a WS as ”a set of non-functional characteristics/attributes that may impact the quality of the service offered by the WS ”. If a WS is advertised to have certain values (or range of values) in these QoS attributes, then it is said that this WS conforms to a certain QoS level. In this section we explain the reasons for incorporating QoS in WS description.

According to [Cardoso et. al. 2004], several researchers have identified Web Processes (WPs) as the computing model that enables a standard method of building Web-services applications and processes to connect and exchange information over the Web. For organizations, the ability to characterize WPs based on QoS has four distinct advantages. First, it allows organizations to translate their vision into their business processes more efficiently, since WPs can be designed according to QoS metrics. For e-commerce processes it is important to know the QoS an application will exhibit before making the service available to customers. Second, it allows for the selection and execution of WPs based on their QoS, to better fulfil customer expectations and requirements. Third, it makes possible the monitoring of WPs based on QoS to assure compliance both with initial QoS requirements and targeted objectives. QoS monitoring allows adaptation strategies to be triggered when undesired metrics are identified or when threshold values are reached. Fourth, it allows for the evaluation of alternative strategies when adaptation becomes necessary. It is essential that the services rendered follow customer specifications to meet their expectations and ensure satisfaction. Customer expectations and satisfaction can be translated into the quality of service rendered. Organizations have realized that quality of service management is an important factor in their operations.

As WPs are composed or single WSs, all the above advantages of QoS management of WPs also apply to WSs. So WSs can be designed and implemented according to QoS metrics (properties). They can also be discovered and selected based on their QoS capabilities. In addition, they can be monitored in order to reassure the promised QoS levels to the customers. Moreover, monitoring of QoS for WSs can trigger adaptation strategies when undesired metrics are identified, threshold values are reached, network or software or hardware errors happen. Now, we will closely examine the advantages of QoS description (management) in other non-basic activities/functions of the Service Oriented Architecture.

After the process of WS Selection, the requester chooses the best WS from an ordered WS advertisement list. However, even if WS clients find the appropriate WS, they are not confident that the WS’s described QoS levels will actually be delivered during WS execution. For this reason, the WS client and provider enter a multi-step negotiation phase, where they try to agree on a trusted third-party entity monitoring QoS levels delivered, on the penalties that will be imposed when one of the two main parties does not keep up with its promises, and on the validity period of the promises. The result of this negotiation phase is a contract or a Service Level Agreement (SLA) document that will give confidence and trust to the entities providing and consuming the service and will lead and guide the process of WS Execution. If agreement is not met, the negotiation is stopped and the WS client contacts the next WS from the returned list of the WS Selection phase.

When composing a WS, component services are associated to the individual tasks of the composite WS and are invoked during each execution of the WS. However, the number of services providing a given functionality may be large and constantly changing and some of these services will not always be available due to network problems, software evolution and repair, and hardware problems. One solution to this problem is given at design time by QoS-based WS discovery. Another solution is the runtime selection of component services, during the execution of a composite WS, based on quality criteria (i.e. constraints and preferences) and following a local [Benatallah et. al. 2002] or a global [Zeng et. al. 2003] selection strategy. In the latter case, service selection is formulated as an optimization problem and linear programming is used to compute optimal execution plans for composite services.

Review of Related Work In this section, the current research approaches for QoS-based WS Description and Discovery are described and their deficiencies are analyzed.

The Web Service Description Language (WSDL) and UDDI WS standards are syntactical approaches that do not express the QoS aspect/part of WS Description. While OWL-S is a standard semantic approach for WS Description, it does not describe QoS offers or demands as it only contains an attribute used for rating a WS.

[Tosic et. al. 2002] argue that for the specification of constraints for QoS metrics/attributes, five ontologies must be developed from which the most important (the top one) is the metrics ontology. They describe the structure and involved elements in four out of the five ontologies but they did not develop any ontology. In addition, the requirements specified are incomplete as each from the four aspects of QoS description needs further analysis.

In [Shuping Ran 2003], an extension to UDDI is proposed that represents description of QoS information about a particular WS. However, there is no actual description of the contents of this extension apart from its structure. Moreover, it relies on the UDDI (model), so it can be used only for syntactic matchmaking of offers and demands.

In [Maximilien and Singh 2002], an architecture and a conceptual model of WS reputation (QoS) (which encloses a QoS attributes model) are presented. However, the reputation of a WS is calculated and not it’s QoS. In addition, not only concepts like QoS constraints and QoS offers and demands are not modeled but also the QoS metrics model is not rich enough.

Work described in [Tosic et. al. 2003], which presents the Web Service Offerings Language (WSOL), proposes that a WS must offer different classes of service in order to satisfy a greater amount and type of customers and in order to deal successfully with situations where there is a variation in QoS due to network problems or mobility reasons. This work comes with the following shortcomings: (a) no separation and integration of constraint dimensions; (b) no specification of a QoS demand; (c) the metrics ontologies are not yet developed.

The research effort described in [Tian et. al. 2003] analyzes what must be enclosed into the QoS information for a WS request or advertisement with the help of a QoS ontology. However, not only there is not a complete and accurate description of QoS constraints but also metrics ontologies are not developed but just referenced.

In [Zhou et. al. 2004], DAML-S WS description language is extended to include a QoS specification ontology. In addition, a novel QoS matchmaking algorithm is proposed, which is based on the concept of QoS profile compatibility. The deficiencies of this research effort are the following: (a) The metrics model is not rich enough; (b) QoS metrics have the set IN+ as their range; (c) DL reasoners are slow and do not support the most complex mathematical expressions.

The research effort described in [Mart´ın-D´ıaz et. al. 2003] uses a symmetric QoS model expressing mathematical constraints for QoS metrics. However, semantics is missing leading to syntactic matchmaking and selection algorithms. Before matchmaking, a QoS specification is transformed to a Constraint Satisfaction Problem (CSP) [Hentenryck and Saraswat 1996] which is checked for consistency (if it has any solution). Matchmaking is performed according to the concept of conformance (if every solution of offer is a solution of demand). Concerning WS Selection, the (QoS) score of a WS advertisement is expressed as a Constraint Satisfaction Optimization Problem (CSOP) [Hentenryck and Saraswat 1996] where from all solutions to the CSP of an offer we try to find the one that minimizes the weighted sum of the weight of each metric multiplied with its utility assessment value. Unfortunately, CS(O)Ps can have non-polynomial solutions when there are non-linear expression at QoS constraints. 4

Future Work of the Thesis Based on the previously analyzed research work, we propose the following steps that must be taken to address the issues of the thesis; the fulfilment of which will lead to correct, efficient and accurate QoS-based WS Description and Discovery processes. Some of them have already been performed while the other will be dealt with in the future. These steps are:

Requirements for QoS-based WS Description: This step has already been taken. We have come up with the following requirements: – Extensible and formal semantic QoS model – Standards compliance – Syntactical separation of QoS-based and functional parts of service specification – Both requester and provider QoS specification – Refinement of QoS specifications (extensibility, reusability) – Fine-grained QoS specification (QoS specs for the whole WS and its parts) – Extensible and formal QoS attribute/metric model which must at least specify: (a) The value set of the attribute; (b) The domain of knowledge of the attribute; (c) The relationship of the attribute with other attributes; (d) The association of the attribute with a unit, a measured property and a measurement function; (e) A functional description of how a QoS attribute of a complex WS can be derived from the corresponding QoS attribute of the individual WSs that constitute the complex one. – Classes of service (an advertisement should present many offers)

QoS-based WS Description : Based on the above requirements, a QoSbased WS ontology has been developed with the name OWL-Q. This ontology extends OWL-S (standard) WS Description ontology and is carefully separated into many facets, each capturing one aspect of QoS WS (metric) description except from the basic one that associates OWL-S elements with OWL-Q elements. This ontology satisfies the above requirements and enables the semantic matchmaking of QoS advertisements and offers.

Semantic QoS metric matchmaking: Based on the OWL-Q ontology, we have developed an algorithm that semantically matches QoS metrics of demands and offers. This algorithm can be used as a building block for the QoS-based WS matchmaking and selection algorithms. For matchmaking simple metrics, this algorithm compares the type and measurement directive of the metrics, while for composite metrics it also compares the metrics’ measurement functions.

Develop a new or extend an old QoS-based WS matchmaking algorithm: We have extended the matchmaking algorithm proposed in [Mart´ın-D´ıaz et. al. 2003] in order to incorporate the semantic QoS metric matchmaking algorithm. To be more specific, when transforming QoS offers and demand to CSPs, we are careful to assign same metrics to same CSP variables and to perform unit transformation of the same metrics.

Develop a new or extend an old QoS-based WS selection algorithm: We have extended the selection algorithm proposed in [Mart´ın-D´ıaz et. al. 2003] in order to incorporate the semantic QoS metric matchmaking algorithm. To be more specific, when transforming QoS offers to CSOPs, we are careful to assign same metrics to same CSP variables and to perform unit transformation of the same metrics. We have also changed the scoring function: now this function is the partial sum of the minimum and maximum assessment sums. That is we solve two CSOPs for the same offer and then we perform a partial sum of their results.

Implement these matchmaking and selection algorithms: This is a step under development. The implementation uses an OWL inference engine for the semantic QoS metric matching and the ECLiPSe [Novello and Schimpf 1999] engine for solving CS(O)Ps.

Formal evaluation of the above algorithms: The above three algorithms should be formally evaluated in order to prove that they are efficient, quick, accurate and precise.

Extend the ontology and the algorithms: After performing all the above steps, OWL-Q ontology should be extended to include other non-functional descriptions of WSs (mainly contextual ones) and its design must be finalized. In addition, the QoS-based matchmaking algorithm must be extended in order to distinguish between soft and hard non-functional constraints.

Tools: GUIs and other utilities should be constructed that will help the user in describing and discovering WSs.

References