Service-Oriented Computing – ICSOC 2008

Building the right infrastructure that can scale up or down at a moment’s notice can be a complicated and expensive task, but it’s essential in today’s competitive landscape. This applies to an enterprise trying to cut costs, a young business unexpectedly saturated with customer demand, or a research lab wanting to test at scale. There are many challenges when building a reliable, flexible architecture that can manage unpredictable behaviors of today’s Internet business. This presentation will outline some of the lessons learned from building one of the world’s largest distributed systems, Amazon.com, and the evolution that gave rise to Amazon reselling its infrastructure in the form of Amazon Web Services, allowing anyone to leverage the same robust, scalable, and reliable technology that powers Amazon’s business.

This talk will focus on Internet based systems that are primarily participatory in nature. In such systems, we need to think beyond infrastructure, data,and algorithms. While these entities are well understood from the service architecture point of view, the demands of participatory systems are different. In a massive-scale system like eBay that’s highly participatory in nature, user roles, actions and interactions affect and influence how the system functions and scales. While applications and platforms as service are well understood in the current, evolution through participation mandates the need for additional service orientations. For instance,

interface as a service

through programmable implementations or

user experience as a service

through programmable visual elements and interactions can be easily perceived. Machines and machine algorithms will take us part of the way but making them scalable and adaptable to change is a challenge. We need to talk about augmented intelligence where machine power coexists with and is complemented by human intelligence. Designing scalable services and applications in this dynamic context pose interesting challenges and new opportunities. This ltalk will focus on the unique nature of this long tail world.

Computational approaches to problem solving have proven their worth in many fields of science, allowing the collection and analysis of unprecedented quantities of data and the exploration via simulation of previously obscure phenomena. We now face the challenge of scaling the impact of these approaches from the specialist to entire communities. I speak here about work that seeks to address this goal by rethinking science’s information technology foundations in terms of service-oriented architecture. In principle, service-oriented approaches can have a transformative effect on scientific communities, allowing tools formerly accessible only to the specialist to be made available to all, and permitting previously manual data-processing and analysis tasks to be automated. However, while the potential of such “service-oriented science” has been demonstrated, its routine application across many disciplines raises challenging technical problems. One important requirement is to achieve a separation of concerns between discipline-specific content and domain-independent infrastructure, so that new services can be developed quickly and existing services can respond effectively to time-varying load. Another key requirement is to streamline the formation and evolution of the “virtual organizations” that create and access content. I describe the architectural principles, software, and deployments that I am and my colleagues have produced as we tackle these problems, and point to future technical challenges and scientific opportunities. I illustrate my talk with examples from astronomy and biomedicine.

SOA and Web services have profoundly changed enterprise and commercial applications. BPEL, dynamic binding via service regis- tries and repositories, alignment of grid computing with Web service standards, and a common approach to SOA and event driven architectures are examples of technologies that enable a new approach to applications and solutions. Many papers and talks have explained these technologies and their benefits. Systems and application management using Web services is a growing area that builds on these technologies. There are many benefits to a common SOA/Web service approach to modeling, developing, deploying, managing and optimizing SW solutions. This presentation explains the benefits.

Several significant intellectual challenges hinder realizing the promise of a SOA/Web service approach to systems and application management. One of the most important is “managing from a business service perspective.” Business professionals have a completely different definition of “service” from technical professionals. Enterprises think in terms of IT realization of “business services,” for example online banking or shipped package tracking. The business services are an interacting fabric of SOA services, and in many cases the enterprise does not fully understand which services interact in a business solution or to process a request. Many elements in the business service are not SOA services, for example databases, directories, file servers, etc.

This talk provides a deeper explanation of the business problem and challenges. The talk also explains the state of the art for solving some of the challenges. Finally, the talk concludes with suggestions for research and projects.

Enterprise software systems play an essential role in an organization’s business operation. Many business rules and regulations governing an organization’s operation can be translated into quality requirements of the relevant software systems, such as security, availability, and manageability. For systems implemented using

Web Services

, the specification and management of these qualities in the form of

Web Service policies

are often complicated and difficult to be aligned with the initial business requirements. In this paper, we introduce the

Hope

(High-Level Objective-based Policy for Enterprises) framework that supports, in a systematic manner, the specification of quality-oriented policies at the business level and their refinement into policies at the system/service level. Quality-oriented business requirements are expressed in

Hope

as quality objectives applied to business entities and further refined or translated into system-level WS-Policy statements. The refinement relies on an application-specific business entity model and application-independent domain quality models. We demonstrate the approach with a case study involving policy specification and refinement in the security domain.

Business processes consisting of component Web services are often executed in volatile environments where the quality of service parameters of the participating services might change during the execution of the business processes. Recently, research has been carried out on adapting composite Web service in volatile service-oriented computing environments. However, current approaches do not consider the internal logic of the business process and the impact of adaptation for a single service on the other component services. Other than quality of service parameters, effective adaptation requires specific information of the component services in terms of their position and interaction in the business process. The work reported in this paper is a first step in this direction. We present a novel approach to adaptation of Web service composition based on workflow patterns. This approach measures the value of changed information that updated services may potentially introduce in the business process. Experimental results show that our approach provides effective adaptation solutions by expanding the adaptation scope and considering the internal logic of business process.

We study the problem of web service protocol composition. We consider a formal framework where service business protocols are described by means of Finite State Machines (FSM) and focus on the protocol synthesis problem, i.e., how to generate automatically a new target service protocol by reusing some existing ones. We consider a general case of this problem where the number of instances of existing services that can be used in a given composition is not bounded

a priori

. We motivate the practical interest of investigating such a problem and then we prove its decidability by providing a sound and complete composition algorithm. Since the main composition algorithm is not primitive recursive, which means that no theoretical complexity bound can be computed, we evaluated experimentally the performance of the algorithm on synthetic data instances and present preliminary results in this paper.

Currently, many grid applications are developed as job flows that are composed of multiple jobs. The execution of job flows requires the support of a job flow manager and a job scheduler. Due to the long running nature of job flows, the support for fault tolerance and recovery policies is especially important. This support is inherently complicated due to the sequencing and dependency of jobs within a flow, and the required coordination between workflow engines and job schedulers. In this paper, we describe the design and implementation of a job flow manager that supports fault tolerance. First, we identify and label job flow patterns within a job flow during deployment time. Next, at runtime, we introduce a proxy that intercepts and resolves faults using job flow patterns and their corresponding fault-recovery policies. Our design has the advantages of separation of the job flow and fault handling logic, requiring no manipulation at the modeling time, and providing flexibility with respect to fault resolution at runtime. We validate our design with a prototypical implementation based on the ActiveBPEL workflow engine and GridWay Meta-scheduler, and Montage application as the case study.

The explosive popularity of mashups has given rise to a plethora of web-based tools for rapidly building mashups with minimal programming effort. In turn, this has spurred interest in using these tools to empower end-users to build

situational applications

for business. Situational applications based on Reo (SABRE) is a service composition platform that addresses service heterogeneity as a first-class concern by adopting a mashup’s data-centric approach. Built atop the Reo coordination language, SABRE provides tools to combine, filter and transform web services and data sources like RSS and ATOM feeds. Whereas other mashup platforms intermingle data transformation logic and I/O concerns, we aim to clearly separate them by formalising coordination logic within a mashup. Reo’s well-defined compositional semantics opens up the possibility of constructing a mashup’s core logic from a library of prebuilt connectors. Input/output in SABRE is handled by service stubs generated by combining a syntactic service specification such as WSDL with a constraint automaton specifying service behaviour. These stubs insulate services from misbehaving clients while protecting clients against services that do not conform to their contracts. We believe these are compelling features as mashups graduate from curiosities on the Web to situational applications for the enterprise.

Software Adaptation is a hot topic in Software Engineering since it is the only way to compose non-intrusively black-box components or services with mismatching interfaces. However, adaptation is a complex issue especially when behavioral descriptions of services are considered. This paper presents optimised techniques to generate adaptor protocols, being given a set of service interfaces involved in a composition and an adaptation contract. In this work, interfaces are described using a signature, and a protocol that takes value passing into account. Our proposal is completely supported by tools that automate the generation and the verification of the adaptor protocols. Last, we show how our adaptation techniques are implemented into BPEL.

Workflow graphs are used to model the control flow of business processes in various languages, e.g., BPMN, EPCs and UML activity diagrams. We present techniques for automatic workflow graph refactoring and completion. These techniques enable various use cases in modeling and runtime optimization. For example they allow us to complete a partial workflow graph, they provide local termination detection for workflow graphs with multiple ends, and they allow us to execute models containing OR-joins faster. Some of our techniques are based on workflow graph parsing and the Refined Process Structure Tree [10].

We investigate the problem of WS-BPEL processes

resiliency

in RBAC-WS-BPEL, an authorization model for WS-BPEL that supports the specification of authorizations for the execution of WS-BPEL process activities by roles and users and authorization constraints, such as separation and binding of duty. The goal of resiliency is to guarantee that even if some users becomes unavailable during the execution of a WS-BPEL process, the remaining users can still complete the execution of the process. We extend RBAC-WS-BPEL with a new type of constraints called

resiliency constraints

and the notion of

user failure resiliency

for WS-BPEL processes and propose an algorithm to determine if a WS-BPEL process is user failure resilient.

Enriching business process models with semantic tags taken from an ontology has become a crucial necessity in service provisioning, integration and composition. In this paper we propose to represent semantically labelled business processes as part of a knowledge base that formalises: business process structure, business domains, and a set of criteria describing correct semantic labelling. Our approach allows (1) to impose domain dependent constraints during the phase of process design, and (2) to automatically verify, via logical reasoning, if business processes fulfill a set of given constraints, and to formulate queries that involve both knowledge about the domain and the process structure. Feasibility and usefulness of our approach will be shown by means of two use cases. The first one on domain specific constraints, and the second one on mining and evolution of crosscutting concerns.

Quality of Service Management (QoSM) is a new task in IT-enabled enterprises that supports monitoring, collecting and predicting QoS data. QoSM solutions must be able to efficiently process runtime events, compute and pre dict QoS metrics, and provide real-time visibility and prediction of key perform ance indicators (KPI). Currently, most QoSM systems focus on moni tor ing of QoS constraints, i.e., they report what has been happened. In a way, this provides the awareness of past developments and sets the basis for decisions. However, this kind of knowledge is afterwit. For example, it cannot provide early warnings to prevent the QoS degradation or the violation of commitments. In this paper, we move one step forward to provide QoS prediction. We argue that performance metrics and KPIs can be predicted based on historical data. We present the design and implementation of a novel event-driven QoS prediction system. Integrated into the SOA infrastructure at large, the prediction system can process operational service events in a real-time fashion, in order to predict or refine the prediction of metrics and KPIs.

Deployment patterns have been proposed as a mechanism to support the provisioning of SOA-based services. Deployment patterns represent the structure and constraints of composite solutions, including non-functional properties, such as performance, availability, and security, without binding to specific resource instances. In previous work [1], we have presented a formal mechanism for capturing such service deployment patterns using models. Our pattern models define abstract connectivity and configuration requirements which are then

realized

by an existing or planned infrastructure. Realization mapping is used to enforce policies, and is materialized at deployment time. In this paper we extend that work to address the problem of

automatic pattern realization

over a given infrastructure. We first formalize the problem and present three variations of increasing power and complexity. We then present a variation of a search-based graph isomorphism algorithm with extensions for our pattern model semantics. Next, we show that our worst-case exponential complexity algorithm performs well in practice, over a number of pattern and infrastructure combinations. We speculate that this is because deployment topologies represent heavily labeled and sparse graphs. We present a number of heuristics which we have compared experimentally, and have identified one which performs best across most scenarios. Our algorithm has been incorporated into a large deployment modeling platform, now part of the IBM Rational Software Architect (RSA) tool [2].

Enterprises are turning to SOA for the flexible deployment of business processes. While current monitoring tools can detect service execution problems in an enterprise’s servers and report such problems to human decision makers, they may not closely monitor the external services they use, diagnose the root cause of process problems, and automatically reconfigure the process to replace faulty services. This paper presents the LLAMA middleware support for service process monitoring, run-time management, and configuration. Instances of accountability agents are deployed to selectively monitor some services’ performance. These agents in turn allow LLAMA’s Accountability Authority (AA) to diagnose process problems and apply any necessary reconfiguration. The project also builds tools to simplify the setup and deployment of LLAMA components. Our experimental results indicate that using LLAMA contributes only a modest amount of system overhead, and that the diagnosis process is swift and sufficiently accurate.

The computing and networking capacities of today’s wireless portable devices allow for pervasive services, which are seamlessly networked. Indeed, wireless handheld devices now embed the necessary resources to act as both service clients and providers. However, the seamless networking of services remains challenged by the inherent mobility and resource constraints of devices, which make services a priori highly volatile. This paper discusses the design, implementation and experimentation of the

ubi

SOAP service-oriented middleware, which leverages wireless networking capacities to effectively enable the seamless networking of services.

ubi

SOAP specifically defines a layered communication middleware that underlies standard SOAP-based middleware, hence supporting legacy services while exploiting nowadays pervasive connectivity.

The current development of context-awareness has introduced various emerging research areas to reduce complexity in developing context aware applications by applying service-oriented approach in managing context and establish context service. The establishment of context service will enable context aware systems to access and utilize context from context providers without paying necessary attention on how context information are composed and managed. Frequent changes of available context providers with different context quality are common phenomena in mobile environment. Hence, dealing with quality of context is a very important issue to provide reliable services for context management in this environment. We have identified some key requirements to establish context service and propose a service-oriented framework to facilitate context management in mobile environment. Furthermore we show our approach to deal with problem in providing appropriate context based on its quality requirements and the preferences of the corresponding context request.

Adaptive self-managing applications can adapt their behavior through components that monitor the application behavior and provide feedback controls. This paper outlines an autonomic approach to coordinate multiple controls for managing service quality using executable control models. In this approach, controls are modeled as process models. Moreover, controls with cross-cutting concerns are provisioned by a dedicated process model. The flexibility of this approach allows composing new controls from existing control components. The coordination of their dependencies is performed within a unified architecture framework for modeling, deploying and executing these models. We integrate the process modeling and execution techniques into a middleware architecture to deliver such features. To demonstrate the practical utilization of this approach, we employ it to manage fail-over and over-loading controls for a service oriented loan brokering application. The empirical results further validate that this solution is not only sensitive to resolving cross-cutting interests of multiple controls, but also lightweight as it incurs low computational overhead.

Dynamic service binding is essential for runtime adaptability of BPEL processes, particularly in the case of service failure. BPEL’s support for dynamic service binding is coupled with the process business logic, requiring the process developer to deal with dynamic service selection and failure recovery. Changing these aspects requires modification and redeployment of all affected processes. In this paper we present a novel infrastructure that handles dynamic (re)binding of stateful and stateless services independently of process business logic. Our infrastructure is transparent both to the process developer and to the BPEL engine. It offers automated failure recovery and allows for runtime customizations, such as changes of service binding policies. We also assess infrastructure overhead and explore the impact of service failures on system throughput.

Service-oriented architectures (SOAs) are gaining popularity as an approach to provide flexibility and agility, not just in systems development but also in business process management. Studies of the practical business impacts of SOA are crucial as the number of SOA implementations grows, and are required for a better critical understanding of this popular architectural concept that is being rapidly adopted by industry organizations. Although there is a significant amount of ongoing research related to technology implementations of SOAs, there is a paucity of research literature on the factors affecting the adoption of service-oriented computing and the realization of business value in practice. This paper empirically examines the adoption of service-oriented computing (SOC) as an enterprise strategy across fifteen firms, and discusses the organizational constraints that influence the enterprise adoption and implementation of SOA. In doing so, this paper fills a crucial gap in the academic literature about the practical use of SOA as an enterprise strategy for agility, and lays the groundwork for future work on SOA alignment with organizational strategy. The paper also provides practitioners with guidelines for the successful implementation of SOA to achieve business value.

Automation of processes is a crucial factor for enterprises operating within a modern collaborative business environment. In order to ensure flexible operations, companies tend to build their IT systems in accordance with the SOA paradigm and take advantage of the Semantic Web technologies. The mentioned tendency especially in case of cooperating organizations requires support for automated service discovery and fast integration of discovered artefacts. Currently, one can easily find several initiatives that aim at automation of already pointed tasks. As a part of this work, we analyze a number of different frameworks that implement, support and facilitate interactions inherent to Semantic Web services and indicate their shortcomings. Having completed this survey, we propose a general model of SWS e-marketplace taking into account all important aspects that a featured model should provide. In order to achieve this goal, a set of features provided by the surveyed frameworks is compiled with a set of additional traits that were not considered before. Moreover, the model is enriched with economical requirements driven by service providers’ and service requesters’ needs.

Service Oriented Architecture, e.g., Web services, as building blocks for IT based on open standards, assist enterprises become more responsive to the changing business environment when they are implemented and used in the context of business processes. In this direction, packaged integration platforms like IBM’s Composite Business Services or SAP have pre-configured business processes offered as web services. When the demand for a new capability arises, it can be addressed by building new services or by customizing an existing service. Service providers try to cover as much of the potential customer requirements as possible with provided capabilities but a complete coverage is not possible as individual industries might have unique requirements and customers can integrate services from multiple parties. In this situation, the problem is not whether a particular customization method will work but rather how to determine the overall impact of a new requirement in a complex SOA environment in terms of activities to be done and at what cost.

In this paper, we propose a solution to these problems by introducing the notion of business driven customization of SOA (specifically web services). We introduce a formal model capturing properties and relationships of business objects and business processes, and their implementing services and messages. We also have instance-independent, impact propagation rules to encode the desirable customization behavior of any implementation. Now, we can capture new requirements as change triggers in the model and using the modeled rules, can precisely compute the scope of their overall impact spanning both business and IT domains. Overall, we introduce the customization and impact model, describe its implementation, and illustrate its application in an industry scenario with large number of services with complex characteristics (SAP).

Service networks comprise large numbers of long-running, highly dynamic complex end-to-end service interactions reflecting asynchronous message flows that typically transcend several organizations and span several geographical locations. At the communication level, service network business protocols can be flexible ranging from conventional inter-organizational point-to-point service interactions to fully blown dynamic multi-party interactions of global reach within which each participant may contribute its activities and services. In this paper we introduce a formal framework enriched with temporal constraints to describe multi-party business protocols for service networks. We extend this framework with the notion of multi-party business protocol soundness and show how it is possible to execute a multi-party protocol consistently in a completely distributed manner while guaranteeing eventual termination.

The need for integration of both client and server applications that were not initially designed to interoperate is gaining popularity. One of the reasons for this popularity is the capability to quickly reconfigure a composite application for a task at hand, both by changing the set of components and the way they are interconnected. Service Oriented Architecture (SOA) has become a popular platform in the IT industry for building such composite applications recently with the integrated components being provided as web services. A key limitation of such a web service is that it requires extra programming efforts when integrating non web service components, which is not cost-effective. Moreover, with the emergence of new standards, such as OSGi, the components used in composite applications have grown to include more than just web services. Our work enables progressive composition of non web service based components such as portlets, web applications, native widgets, legacy systems, and Java Beans. Further, we proposed a novel application of semantic annotation together with the standard semantic web matching algorithm for finding sets of functionally equivalent components out of a large set of available non web service based components. Once such a set is identified the user can drag and drop the most suitable component into an Eclipse based composition canvas. After a set of components has been selected in such a way, they can be connected by data-flow arcs, thus forming an integrated, composite application without any low level programming and integration efforts. We implemented and conducted experimental study on the above progressive composition framework on IBM’s Lotus Expeditor which is an extension of a Service Oriented Architecture (SOA) platform called the Eclipse Rich Client Platform (RCP) that complies with the OSGi standard.

A precise definition of interaction behavior between services is a prerequisite for successful business-to-business integration. Service choreographies provide a view on message exchanges and their ordering constraints from a global perspective. Assuming message sending and receiving as one atomic step allows to reduce the modelers’ effort. As downside, problematic race conditions resulting in deadlocks might appear when realizing the choreography using services that exchange messages asynchronously. This paper presents typical issues when desynchronizing service choreographies. Solutions from practice are discussed and a formal approach based on Petri nets is introduced for identifying desynchronizable choreographies.

We propose that a semantic service-oriented approach is one of the best techniques to cope with challenges in wireless sensor network (WSN) applications. This paper offers a framework for sensor network services that aims to improve query processing. We expect this framework will address current challenges and issues preventing the wider uptake of WSN technology. More specifically, we propose a semantic service-oriented framework with a focus on query processing to allow distributed end-users to request streams of interest easily and efficiently, based on the principle of pushing the query down to the network nodes as much as possible. As such, the lifetime and utility of the sensor network will be maximised, ultimately leading to the success of WSN deployments. The importance of semantics, which aims to support sensor capability modelling and query writing has been highlighted. On the other hand, query rewriting is emphasised followed by examples to illustrate that query rewriting can significantly contribute to the overall power efficiency of WSNs.

Service Level Agreements (SLAs) are used in Service-Oriented Computing to define the obligations of the parties involved in a transaction. SLAs define the service users’ Quality of Service (QoS) requirements that the service provider should satisfy. Requirements defined once may not be satisfiable when the context of the web services changes (e.g., when requirements or resource availability changes). Changes in the context can make SLAs obsolete, making SLA revision necessary. We propose a method to autonomously monitor the services’ context, and adapt SLAs to avoid obsolescence thereof.

With a large number of web services offering the same functionality, the Quality of Service (QoS) rendered by a web service becomes a key differentiator. WS-BPEL has emerged as the de facto industry standard for composing web services. Thus, determining the QoS of a composite web service expressed in BPEL can be extremely beneficial. While there has been much work on QoS computation of structured workflows, there exists no tool to ascertain QoS for BPEL processes, which are semantically richer than conventional workflows. We propose a model for estimating three key QoS parameters - Response Time, Cost and Reliability - of an executable BPEL process from the QoS information of its partner services and certain control flow parameters. We have built a tool to compute QoS of a WS-BPEL process that accounts for most workflow patterns that may be expressed by standard WS-BPEL. Another feature of our QoS approach and the tool is that it allows a designer to explore the impact on QoS of using different software fault tolerance techniques like Recovery blocks, N-version programming etc., thereby provisioning QoS computation of mission critical applications that may employ these techniques to achieve high reliability and/or performance.

An SLA signed by all interested parties must be created carefully, avoiding contradictions between terms, because their terms could carry penalties in case of failure. However, this consistency checking may become a challenging task depending on the complexity of the agreement. As a consequence, an automated way of checking the consistency of an SLA document and returning the set of inconsistent terms of the agreement would be very appealing from a practical point of view. For instance, it enables the development of software tools that make the creation of correct SLAs and the consistency checking of imported SLAs easier for users. In this paper, we present the problem of explaining WS-Agreement inconsistencies as a constraint satisfaction problem (CSP), and then we use a CSP solver together with an explanation engine to check the consistency and return the inconsistent terms. Furthermore, a proof-of-concept using Choco solver in conjunction with the Palm explanation engine has been developed.

Service-oriented systems are constructed using Web services as first-class programmable units and subsystems and there have been many successful applications of such systems. However, there is a major unresolved problem with the software development and subsequent management of these applications and systems. Web service interfaces and implementations may be developed and changed autonomously, which makes traditional configuration management practices inadequate for Web services. Checking the compatibility of these programmable units turns out to be a difficult task. In this paper, we present a technique for checking compatibility of Web service interfaces and implementations based on categorizing domain ontology instances of service description documents. This technique is capable of both assessing the compatibility and identifying incompatibility factors of service interfaces and implementations. The design details of a system model for Web service compatibility checking and the key operator for evaluating compatibility within the model are discussed. We present simulation experiments and analyze the results to show the effectiveness and performance variations of our technique with different data source patterns.

SOAlive aims at providing a community-centric, hosted environment and, in particular, at simplifying the description and discovery of situational enterprise services via a service catalog. We argue that a service community has an impact not only on users and services, but also on the environment itself. Specifically, our position is that a service catalog adds value to users, and is itself enriched, by its incorporation into a community-centric service hosting environment. In addition, analyses of web services directories suggest that a catalog service for enterprise services can be better provided by using a simpler content model that better fits REST, taking advantage of collaborative practices to annotate catalog entries with informal semantic descriptions via tagging, providing a mechanism for embedding invocations of discovered services, and allowing syntactic descriptions to be refined via usage monitoring. The SOAlive service catalog defines a flexible content model, a discovery function that navigates the cloud of tag annotations associated with services in a Web 2.0 fashion, and a service description refinement function that allows the actual use of a service to refine the service description stored in the catalog.

This paper describes the “WorldTravel” service-oriented application and testbed. The purpose of the testbed is to provide to researchers an open source venue for experimenting with and evaluating ideas, methods, and implementation options for service-oriented architectures and applications. Built upon standard service technologies, the WorldTravel testbed offers implementations of services and service interactions specific to the WorldTravel application, comprised of (1) a substantive back-end that includes a simple airline pricing/ticketing engine, with a representative flight database, both structured similarly to those used by companies actually offering such services, (2) a front-end for travel services interacting with mid-tier request processing and routing services, and (3) load traces from the corresponding business applications that are used to drive the use of WorldTravel and its services.

We call WorldTravel a testbed rather than benchmark because its design permits extension at both the front-end, e.g., to add interesting new services like weather information about possible travel destinations, and at the back-end, e.g., to add payment services. This paper identifies the need for testbeds like WorldTravel, considers the attributes required of such testbeds, describes our current testbed in detail, and presents an initial testbed evaluation. It also describes the actual production-quality system on which WorldTravel is based.

In many practical applications, trade-offs involving non-functional attributes e.g., availability, performance play an important role in selecting component services in assembling a feasible composition, i.e., a composite service that achieves the desired functionality. We present

TCP − Compose

 ⋆ 

, an algorithm for service composition that identifies, from a set of candidate solutions that achieve the desired functionality, a set of composite services that are

non-dominated

by any other candidate with respect to the user-specified qualitative preferences over non-functional attributes. We use TCP-net, a graphical modeling paradigm for representing and reasoning with qualitative preferences and importance. We propose a heuristic for estimating the preference ordering over the different choices at each stage in the composition to improve the efficiency of

TCP − Compose

 ⋆ 

. We establish the conditions under which

TCP − Compose

 ⋆ 

is guaranteed to generate a set of composite services that (a) achieve the desired functionality and (b) constitute a

non-dominated

set of solutions with respect to the user-specified preferences and tradeoffs over the non-functional attributes.

System quality aspects such as dependability, adaptability to a changing runtime environment, and concerns such as cost and provider reputation, are increasingly important in a competitive software service market. Service-oriented system quality is not just a function of the quality of a provided service, but the interdependencies between services, the resource constraints of the runtime environment and network outages. This makes it difficult to anticipate how these factors might influence system behaviour, making it difficult to specify the right system environment in advance. Current quality management schemes for service-oriented systems are inadequate for ensuring runtime system quality as they focus on static service properties, rather than emergent properties. They also offer the consumer only limited control over the quality of service. This paper describes a novel consumer-centred runtime architecture that combines service monitoring, negotiation, forecasting and vendor reputation, to provide a self-managing mechanism for ensuring runtime quality in service-oriented systems.

The advent of Service Oriented Architectures tends to promote a new kind of software architecture where services, exposing features accessible through highly standardized protocols, are composed in a loose coupling way. In such a context, where services are likely to be replaced or used by a large number of clients, the notion of Quality of Service (QoS), which focuses on the quality of the relationship between a service and its customers, becomes a key challenge. This paper aims to ease QoS management in service compositions through a better separation of concerns. For this purpose, we designed QoSL4BP, a domain-specific language which allows QoS policies specification for business processes. More specifically, the QoSL4BP language is designed to allow an architect to specify QoS constraints and mechanisms over parts of BPEL compositions. This language is executed by our ORQOS platform which cooperates in a non-intrusive way with orchestration engines. At pre-deployment time, ORQOS platform performs service planning depending on services QoS offers and on the QoS requirements in QoSL4BP policies. At runtime, QoSL4BP policies allow to react to QoS variations and to enact QoS management related mechanisms.

Modeling inter-organizational business processes identifies the services each business partner has to provide and to consume as well as the flow of interactions between them. A model-driven approach to inter-organizational business processes allows abstracting from the underlying IT platform and, thereby, guarantees to survive changes in technology. UN/CEFACT’s Modeling Methodology (UMM), which is defined as a UML profile, is currently one of the most promising approaches for modeling platform-independent business collaborations. However, well defined mappings to most of the current state-of-the-art candidate platforms are still missing. A candidate platform of growing interest is the Windows Workflow Foundation (WF). In this paper, we outline a mapping from the basic UMM building blocks, i.e. business transactions, to business service interfaces (BSI) implemented in WF.

The Business Process Execution Language for Web Services (BPEL) has emerged as the de facto standard for implementing business processes. At the same time, Model Driven Architecture (MDA) is being applied to the field of business process engineering by separating business logic from the underlying platform technology. However, due to the challenge of mapping graph-oriented modeling languages to block-structured ones and the informal description of UML 2.0 Activity Diagram (AD) and BPEL, transforming AD models to executable BPEL code is not trivial. This paper proposes an approach to transform AD to BPEL and paves the way for further general transformation between graph-oriented and block-structured process modeling languages.

This paper presents our approach for optimizing the execution of BPEL (Business Process Execution Language) process by leveraging the features of enterprise intranet and introduces

batBPEL

, a tool for batch invocations of web services in BPEL process. The approach focuses on the decrease of connections by forming batch invocation request of web services in BPEL process. Some empirical experiments and evaluations show and prove the efficiency of our method and related algorithms.

The provisioning of complex services requires tight collaboration between diverse service providers and their customers harmonizing supply and demand chains to a highly flexible, dynamic and decentralized service value network. Peers in such a network autonomously delegate (sub-)tasks which cannot be done efficiently by themselves to other more suitable peers in their community. In this paper, we propose an architecture for such service communities that features decentralized service provisioning based on current Web technologies. In this context, we present an algorithm for efficient service value network formation and show by means of a simulation that sufficiently sized service networks can fulfill practically all customer requests. When compared to the optimal (central) case, there is a modest price increase for the customers but the overall welfare decreases only insignificantly.

With the emergence of service-oriented computing, proper approaches are needed to validate a Web Service (WS) behaviour. In the last years several tools automating WS testing have been released. However, generally the selection of which and how many test cases should be run, and the instantiation of the input data into each test case, is still left to the human tester.

In this paper we introduce a proposal to automate WSDL-based testing, which combines the coverage of WS operations with data-driven test case generation. We sketch the general architecture of a test environment that basically integrates two existing tools: soapUI, which is a popular tool for WS testing, and TAXI, which is a tool we have previously developed for the automated derivation of XML instances from a XML Schema.

The test suite generation can be driven by basic coverage criteria and by the application of some heuristics, aimed in particular at systematically combining the generated instance elements in different ways, and at opportunely varying the cardinalities and the data values used for the generated instances.

Service-Oriented Computing is a cornerstone for the realization of user needs through the automatic composition of services from service descriptions and user tasks, i.e., high-level descriptions of the user needs. Yet, automatic service composition processes commonly assume that service descriptions and user tasks share the same abstraction level, and that services have been pre-designed to integrate. To release these strong assumptions and to augment the possibilities of composition, we add adaptation features into the service composition process using semantic descriptions and adaptive extensions to graph planning.

The Enterprise Service Bus facilitates communication between service requesters and service providers. It supports the deployment of “message flows” from a service requester to one or more service providers. These message flows incorporate different functions such as routing, transformation, mediation, security and logging. In this paper, we propose an AI Planning-based approach for the automated construction of message flows between requesters and providers based on high-level goals specified by the enterprise architect or administrator. This automated construction of flows can be used either in the design phase where a developer or architect is designing the message flows, or it can be used during runtime for the automated reconfiguration or adaptation of the flows in response to changed requirements. The planning model is based on tags, where goals, components, and links in the message flow are described using sets of tags. We describe the planning model and a case study that demonstrates the power of our approach in constructing flows in response to high-level requirements.

An important aspect of service-oriented computing is the ability to invoke services without knowledge of the actual implementation. This requires at least a description of the service interface; better yet is a specification of the complete interaction protocol. This applies to atomic services as well as service compositions. In both cases, however, guaranteeing that a service complies with the promised interaction protocol is crucial for deadlock-free communication. In this paper, we present an analysis method and tool for verifying compliance of service orchestrations with service interaction protocols given as UML models. Our method is part of a larger suite of methods and tools for model driven development of service oriented architectures covering code generation for the Web service stack and other service platforms: MDD4SOA.

We present a technique which enables a novel

specify once, test everywhere

paradigm by exploiting invariants in a reference ontology. In our approach, each service operation is described in an IOPE paradigm: Input, Output, Precondition and Effect. Our approach augments the service description by creating additional service fault specifications to describe the exceptional behaviors which may arise as a result of invariant violations. We describe our invariant analysis technique and present experimental results which justifies the underlying intuition.

Industry and academia are exploring ways to exploit the services paradigm to assist in the challenges of software self-management. In this paper we present a novel approach which aims to bring these two fields closer by specifying the requirements and capabilities within a UML2 model architecture style and illustrating how these model elements are used to generate specifications for dynamic runtime service brokering given different modes of a software system. The approach is implemented in a tool suite integrated into the Eclipse IDE with a prototype runtime service broker engine.

The problem of providing unified web security management in an environment with multiple autonomous security domains is considered. Security vendors provide separate security management solutions for cross-domain browser based and web service based interactions. This is partly due to the fact that different web standards dominate in each space. E.g. Security Assertion Markup Language (SAML) which is an important standard in cross domain single sign on (SSO) specializes in browser based access while WS-* standards focus on security needs of web services. However, cross domain web services are often invoked in context of a secure browser session. Considering these interactions in isolation will lead to a fractured security solution. This paper proposes a solution that provides seamless transfer of security context across various types of cross-doma

i

n web interactions.

Configuring a composite Web service by setting endpoints reduces the cost of development, but raises the probability of a request message triggering runtime execution failures. Previous works on validation of composite Web services are not useful because the application developer cannot modify atomic/composite services and the specifications needed for validation are not always available. Therefore, in this paper, we address two issues: predicting the executability of composite Web services for each request message, and acquiring input specifications to improve the prediction. To resolve these issues, we model atomic/composite services in a formal specification. Moreover, we apply constraint acquisition algorithm to acquire input specifications of atomic Web services. We conduct an experiment in which the proposed method is applied to a composite Web service in practical use. The result shows that our method can detect almost all messages that will trigger execution failure at a rather early stage of specification acquisition.

Collaborative business can become unreliable in terms of authorization policy conflicts, for example, when (1) incorrect role assignment or modification occurs in a service within one organization or (2) messages transferred from one organization are accessed by unqualified roles in other collaborating business partners. Therefore reliability verification based on access policies is critical for business collaboration. In this paper, a role authorization model, Role-Net, is developed based on Hierarchical Colored Petri Nets (HCPNs) to specify and manage role authorization in business collaboration and to verify collaboration reliability according to partners’ authorization policies.

As the range of services available on the Web increase, new value added services can be created by composing existing ones. It is then vital to ensure that compositions of web services are free from errors such as deadlocks and synchronisation conflicts. Current techniques are lacking in this regard because they either (i) do not consider all the different types of temporal relationships that exist between interactions, or (ii) do not support all types of interactions (i.e. only send and receive, not service and invoke). In this paper we introduce an approach that overcomes these problems. First, a communication model is generated by composing interactions of constituent services. Then, the temporal relationships between all the interactions of the communication model are found using a reasoning mechanism. While doing so, these relationships are compared against those specified in descriptions of interaction protocols, to detect any deadlocks or synchronisation conflicts.

Workflows have become a popular technique for describing processes in many different application domains, including Computer Aided Engineering (CAE). State-of-the-art workflow languages lack the necessary modularization techniques and data flow capabilities to express processes in a way that facilitates their design, evolution and reuse. In this paper, we aim to tackle this problem by presenting a conceptual framework for advanced modularization and data flow in workflow systems, which is independent of specific modeling approaches and technologies.

In SOA environments, service providers need to comply with the service level objectives stipulated in contracts with their customers while minimizing the operating costs of the physical infrastructure, mainly related to energy costs. The problem can be effectively formalized by using system identification and control theory: the service levels are translated into set-points for the response times of the hosted applications, and performance are traded-off with energy saving objectives based on suitable models for server dynamics. As the behavior of the incoming workload changes significantly within a single business day, control-oriented system identification approaches are very promising to model such systems, especially at a very fine grained time scales and in transient conditions. In this paper Linear Parameter Varying (LPV) state space system identification algorithms are analyzed for modeling Web services systems. The suitability of LPV models is investigated and their performance assessed by experimental data.

A service provider defines individual services with corresponding service licenses which consumers should follow. Often, service consumers are interested in selecting a service based on certain licensing clauses. For a set of requested licensing clauses by a consumer, there can be several licenses that differ in the set of offered license specifications. Thus, a license aware service selection process includes the discovery of a set of services that meets certain functional parameters and, in addition, the process evaluates these services in order to identify the ones that fulfill a set of license specifications as requested by a consumer. In this paper, we present a methodology and framework for service selection process, based on matching the offered licensing specifications by providers with the requested licensing specifications by consumers.

In the past few years many supervision techniques were developed to provide reliable business processes and guarantee the established SLAs. Since none of them provided a definitive solution, the paper proposes a new composable approach, where a single framework provides the glue for different probing, analysis, and recovery capabilities. The paper introduces the framework and exemplifies its main features.

A key challenge in delivering mobile services is to improve the relevance of discovered services, as mobile environments are very dynamic with rapid changes to user context. This paper presents m-Tableaux - an to optimised semantic reasoning approach to support pervasive service discovery which aims to efficiently leverage the computational resources available of mobile devices. We present performance evaluation of the m-Tableaux optimisation strategies which clearly demonstrate its operational feasibility on a mobile device.

Service provisioning is largely built on agreements specifying the mutual responsibilities of service providers and their customers with respect to functional and non-functional parameters. Current SLA management approaches, i.e. WSLA, WS-Agreement, or WSOL, provide extensive SLA language formalizations and management frameworks. However, they focus on bi-lateral service requester/provider constellations neglecting the SLA management requirements of composite service providers, i.e. managing SLAs with atomic service providers and with composite service requesters and aligning both with each other. A SLA management solution for composite services has to consider the contribution of sourced services - formalized in their (atomic) SLAs (ASLA) - in the management of the provided service - formalized in its respective (composite) SLA (CSLA). This paper presents the novel COmposite Sla MAnagement (COSMA) approach for an integrated management of atomic and composite SLAs during their entire lifecycle. It can be utilized for controlling the relationships between ASLAs/CSLAs and thus serves as the basis for managing and optimizing the SLAs involved in composite services.

Cost of customization, deployment and operation of a software application supporting multiple tenants can be lowered through multi-tenancy in a new application business model called Software as a Service (SaaS). However, there are a number of technical challenges that need to be tackled before these benefits can be realized. These challenges include calculations of resource requirements for multi-tenants with applied constraints in a shared application instance, the optimal placement of tenants and instances with maximum cost savings but without violating any requirements of service level agreements for all tenants in a set of servers. Moreover, previously reported capacity planning and resource allocation methods and tools are not tenant aware. This paper will address and provide novel solutions to these challenges. We also describe the first of a kind, a multi-tenant placement tool for application deployment in a distributed computing environment.

The flourish of SaaS brings about a pressing requirement for Multi-tenancy to avoid dedicated installation for each tenant and benefit from reduced service delivery costs. Multi-tenancy’s intention is to satisfy requests from different tenants concurrently by a single service instance over shared hosting resources. However, extensive resource sharing easily causes inter-tenant performance interference. Therefore, Performance isolation is crucial for Multi-tenancy environment to prevent the potentially bad behaviors of one tenant from adversely affecting the performance of others in an unpredictable manner and prevent the unbalanced situation where some tenants achieve very high performance at the cost of others. Current technologies fail to achieve the goals of both performance isolation and resource share. This paper proposes a Service Performance Isolation Infrastructure (SPIN) which allows extensive resource sharing on hosting systems. Once some aggressive tenants interfere with others’ performance, SPIN gives anomaly report, identifies the aggressive tenants, and enables a self-adaptive moderation to remove their negative impacts on others. We have implemented SPIN prototype and demonstrate its isolation efficiency on the Trade6 benchmark which is revised to support Multi-tenancy. SPIN fits industry practice for a performance overhead less than 5%.

With the advent of the distributed computing model, IT service management has to face ranging from simple point products to entire enterprise frameworks to address the various multi-device systems management challenges. The existing technology offerings rarely solve the entire problem because they are expensive to purchase, difficult to implement, and do not incorporate the full range of features and functions to meet the systems management requirements today’s organizations face. Now, with low-cost information appliances creeping their way into the data center, the only way to truly address today’s heterogeneous IT challenge is to enable systems management capabilities at the service level. IT professionals should be able to simply take management service and accumulated knowledge to improve management performance. A new approach to IT service management is emerging that enables this level of integration. Management as a service (MaaS) enable IT service management to build network management appliances, services and knowledge repository that are extremely flexible and capable of evolving as customer needs evolve. MaaS implementations unify different systems management features and products into a common management environment that spans all system management types. MaaS-based management service offer greater flexibility and more cost-effective implementation than any enterprise framework can achieve. MaaS helps to make full use of the benefits offered by enterprise’s converged network by identifying and resolving problems more quickly, more accurately, less expensively, and with more visibility than silos might be able to achieve on enterprise own.

Migration of legacy systems to service-oriented environments has been achieved within a number of domains, including banking, insurance, manufacturing, and development tools, showing that the promise is beginning to be fulfilled. While migration to Service-Oriented Architecture (SOA) environments can have significant value, any specific migration requires a concrete analysis of the feasibility, risk and cost involved. The Service Migration and Reuse Technique (SMART) is a family of processes to help organizations in making initial decisions about the feasibility of exposing legacy systems as services within a SOA environment. This paper summarizes the SMART-MP (SMART – Migration Planning) process which provides a plan for the migration of selected components to services and identifies the scope for a pilot effort. It presents an application of SMART-MP and also outlines emerging new SMART family members that have resulted from experiences in applying SMART-MP.

Software service organizations typically develop custom solutions from scratch in each project engagement. This is not a scalable proposition, since it depends too heavily on labor alone. Rather, creating and reusing software “assets” is more scalable and profitable. One prevalent approach to building software solutions is to use service-oriented architecture (SOA) to compose software services to support business processes. In this context, the key to reusing assets is to discover (from existing assets in a portfolio) or derive service variants to meet the requirements of a stated business process specification. To that end, this paper presents our Variation-Oriented Service Design (VOSD) algorithm for the same. Via IBM’s Rational Software Architect modeling tool, we also demonstrate the practical usefulness of our algorithm via a prototype implementation in the insurance domain.

A new paradigm, known as Enterprise Mashups, has been gain momentum during the last years. By empowering actual business end-users to create and adapt individual enterprise applications, Enterprise Mashups implicate a shift concerning a collaborative software development and consumption process. Upcoming Mashup tools prove the growing relevance of this paradigm in the industry, both in the consumer and enterprise-oriented market. However, a market overview of the different tools is still missing. In this paper, we introduce a classification of Mashup tools and evaluate selected tools of the different clusters according to the perspectives general information, functionality and usability. Finally, we classify more than 30 tools in the designed classification model and present the observed market trends in context of Enterprise Mashups.

Siena lets users design web applications using commonly available PowerPoint as the modeling/development tool. From PowerPoint, users can model business artifacts and processes, transform applications to a standard representation and then immediately deploy and execute these composite applications on a model execution engine.

Business processes are important for streamlining the operations of public and private enterprises. Over the last decade, capabilities arising from advances in online technologies, especially ServiceOrientedArchitectures (SOA), enabled enterprises to increase productivity, simplify automation, and extend the execution if business processes to various systems in the enterprise. While business process management systems, which allow formodeling, analysis, andmanagement of business processes, are relatively successful, currently, they only cover a fraction of business processes in the enterprise.One challenge inmodern enterprises is that information about business process execution is maintained over multiple heterogeneous systems (e.g., email systems, ERP, document management systems, etc), and rarely there exists a central workflow log, where all process execution information can be found. The next challenge is that the traditional one-view-fits-all fashion of process definition does not scale, as different users may have their own perspective of the business process execution in the enterprise. In such environments, not only one but a space of processes can be defined corresponding to the perspectives of different users or systems involved in the process.

Nowadays, process-aware information systems (PAISs) are widely used for the management of “administrative” processes characterized by clear andwell-defined structure. Besides such scenarios, PAISs can be used also in mobile and pervasive scenarios, such as in coordinating operators during emergency situations [1]. In these pervasive settings, due to highly mobility, operators have to be equippedwith small devices, such as PDAs, and to communicate through ad-hoc networks.

In this demonstration we present the LTSA WS-Engineer Tool Suite. WS-Engineer started as a formal service composition analysis tool for service orchestrations based upon the Labelled Transition Analyser (LTSA). Since its introduction in 2006, the tool suite has grown to consider several areas of service composition engineering, including architecture, behaviour and deployment. The tool is integrated into the Eclipse and IBM Rational Software Architect IDEs.

Content Delivery Networks (CDNs) such as Akamai and Mirror Image place web server clusters in numerous geographical locations to improve the responsiveness and locality of the content it hosts for end-users. However, their services are priced out of reach for all but the largest enterprise customers. An alternative approach to content delivery could be achieved by harnessing existing infrastructure provided by ‘storage cloud’ providers, at a fraction of the cost. MetaCDN is a system that leverages several existing ‘storage clouds’, creating an integrated overlay network that provides a low cost, high performance content delivery network for content creators. MetaCDN intelligently places content onto one or many storage providers based on the quality of service, coverage and budget preferences of participants.

Service Oriented Computing is a potential enabler for popular applications of Named Entity Recognition and Information Extraction. In this demo we show an example of such an application and discuss how Service Oriented Architecture (SOA) makes the application fully flexible and easily extensible. The application brings SOA close to the end-user and gives possibilities hardly possible with other approaches.