A Service Management Framework for SOA-based ...

Phung Huu Phu, Myeongjae Yi


KORUS’2005

A Service Management Framework for SOA-based Interoperability Transactions

Phung Huu Phu, Myeongjae Yi
Applied Software Engineering Lab
School of Computer Engineering & Information Technology
University of Ulsan
Postal address: P.O.Box 18, Univ. of Ulsan, Nam-Gu, Ulsan, 680-749 Republic of Korea
Phone: +82-52-259-1647 - Fax: +82-52-259-1687
E-mail: {phungphu, ymj}@mail.ulsan.ac.kr

Abstract - Although Service Oriented Architecture (SOA) provides an architecture for robust interoperability transactions, many challenges must still be investigated to develop the infrastructure for such transactions. One important problem that has not yet been considered is how to manage these services efficiently in transactions. In this paper, we propose a framework for more efficient management of services in interoperability transactions. The purpose of this framework is to provide a secure and reliable environment for the communication of services in a SOA-based architecture. The framework is a combination of the Web Services Reliable Messaging Protocol and the security model of our previous work [1].

Keywords: Service Oriented Architecture (SOA), Quality of Services (QoS), service management, interoperability transactions.

0-7803-8943-3/05/$20.00 ©2005 IEEE

I. INTRODUCTION

Service-Oriented Architecture (SOA) is considered the next generation of the distributed programming paradigm, one that can overcome the weaknesses of existing distributed computing technologies. The core of SOA is that organizations' systems can exchange data with each other via standardized interfaces and can integrate functions into each other's systems based on Web services, because Web services make individual services available to other systems via the Internet [2]. By implementing SOA with a standards-based approach to distributed computing, enterprises' systems can achieve interoperability and provide utilities and services to their businesses and partners in a flexible, extensible and platform-neutral manner.

However, the problem of how to manage these services efficiently in transactions has not yet been addressed. By definition, services are distributed and can be offered by many internal and external service providers. Without a deliberate effort to collect, organize and maintain the information about the services that are currently in use, including their sources, costs and specific ways of usage, a service-oriented enterprise will quickly run into an undesirable state of being under-managed and economically too expensive to execute. This would lose most of the benefits that the SOA efforts would have brought [13].

SOA, or the service-oriented computing paradigm, is based on the Web services framework, which intends to provide a standards-based realization of the service-oriented paradigm. To fully support this paradigm, mechanisms for service composition and quality of service protocols are required. Recently, as the technology continues to evolve, a number of specifications have been proposed to address the areas necessary to support SOA, such as security, reliability, and service composition. However, these Web services specifications are designed modularly and do not provide a specific solution for a particular transaction.

The aim of this paper is to propose a service management framework in which SOA-based interoperability transactions can be executed in a reliable, effective, and secure manner. The framework is a combination of the Web Services Reliable Messaging Protocol (WS-ReliableMessaging) [3] and our security model described in [1] for SOA-based interoperability transactions. The purpose of this framework is to provide a secure and reliable environment for the communication of services in SOA-based interoperability transactions.

The remainder of this paper is organized as follows. First, we present an overview of Service-Oriented Architecture (SOA) and show the SOA-based interoperability transactions model. In that section, the detailed model is described and analyzed so that readers can see the benefits of SOA-based interoperability transactions. Then, in section III, we propose a service management framework based on the Web Services Reliable Messaging Protocol and our previous security model for SOA-based transactions, which is a combination of related security standards and specifications including PKI architecture, XML Signature, XML Encryption and XML Key Management Service (XKMS). In section IV, related work is discussed and compared with our work. Finally, we conclude our contribution and specify our future work in section V.

Informational Technologies


II. SOA-BASED INTEROPERABILITY TRANSACTIONS

Traditional information technology infrastructures, in which infrastructure and applications were managed and owned by one enterprise, are giving way to networks of applications owned and managed by many business partners [13]. These different information systems must be integrated so that enterprises can carry out their co-operative business. The challenges of the integration are the heterogeneous environment, the desire for fast, effective business process integration, and the need to avoid disruption to existing back-end systems.

Existing distributed technologies such as CORBA, COM/DCOM, EJB and Java RMI can be applied to interoperability transactions, but they couple the endpoints tightly and therefore could not become pervasive. For instance, Unix RPC requires binary-compatible UNIX implementations at each endpoint, CORBA requires compatible ORBs, RMI requires Java at each endpoint, and COM/DCOM requires Windows at each endpoint. Compatibility and standards are the big problems for such a heterogeneous interchange system. Moreover, it may be difficult or impossible to build applications that communicate over the Internet, because most of these technologies cannot work through firewalls.

Fortunately, Service-Oriented Architecture (SOA) based on Web services technologies can overcome the weaknesses of the above-mentioned distributed technologies, so it can be applied to heterogeneous systems such as this kind of interoperability communication. SOA is also a distributed computing environment and is poised at the intersection of business and technology, enabling enterprises to adapt quickly to a changing environment [2].

The real value of SOA is the ability to automate large-scale business processes, mixing a variety of technologies. SOA is based on Web services technology: software components described via WSDL (Web Services Description Language [5]) that can be accessed via standard network protocols such as SOAP (Simple Object Access Protocol [4]) over HTTP. According to [2], [11] and [12], Web services and their related technologies play a vital role as the communication environment for heterogeneous systems. Web services are self-contained, modular business process applications that are based on the industry-standard technologies of WSDL (to describe), UDDI [6] (to advertise and syndicate), and SOAP (to communicate). Web services provide a means for different organizations to connect their applications with one another to conduct business across a network in a platform- and language-independent manner. Web services technology is based on XML; therefore, an application using Web services can be built on any platform and in any programming language. These features of Web services technology address the weaknesses of other distributed technologies, such as language and platform dependence, inflexibility, and disruption to the existing interfaces of old systems.

Fig. 1 shows a SOA-based approach to interoperability transactions. This approach is also the model of inter-agency transactions in e-government proposed in our previous work [1].

Fig. 1. SOA-based approach to interoperability transactions

By using SOA for interoperability transactions, supplying and calling electronic services for integration, the systems can gain the following benefits:

+ Each system supplies its electronic services by independently defining and implementing Web services interfaces based on the existing back-end system, with no disruption of the existing software system.
+ The systems can communicate with each other by requesting services from the related systems without worrying about platform standards or programming languages. The systems can also adapt functions and services to fit different business processes in an agile, extensible, flexible and scalable manner [2]. As business requirements change, it is relatively easy for the IT environment to adapt quickly, which is not the case with traditional legacy systems.
+ The integrated system can share data, information and knowledge more readily through open standards and common protocols. SOA supports more effective communication, both within an enterprise and between an organization and its supply chain, since communications are not hobbled by incompatible systems. This helps create a distinct competitive advantage for all parties involved.
+ SOA supports a security-enhanced environment and identity management; therefore it can guarantee trust and security for interoperability transactions.

In the SOA-based approach, each system specifies its interoperability with others for integration and machine-to-machine interactions. The interoperability transactions are created as services using a Web services/SOAP interface. Services can be published for integration communications thanks to the UDDI specification. Each system, depending on its particular business rules, may communicate with other systems by requesting services via SOAP/HTTP transactions. In general, the SOA approach gains flexibility, scalability and extensibility as well as trust and security in interoperability transactions.

III. THE SERVICE MANAGEMENT FRAMEWORK

The previous section described the benefits of SOA and a SOA-based approach to interoperability transactions. Although SOA supplies an architecture for effective interoperability transactions, many challenges must still be investigated to develop the infrastructure for such transactions.
In our previous work [1], we investigated inter-agency transactions in e-government. That work proposed an e-Government co-operation architecture based on the Service-Oriented Architecture approach. A security model for the proposed e-government architecture was also described, based on a combination of related security standards and specifications including PKI architecture, XML Signature, XML Encryption and XML Key Management Service (XKMS).

However, the problem of how to manage these services efficiently in the transactions has not yet been addressed. By definition, services are distributed and can be offered by many internal and external service providers. Without a deliberate effort to collect, organize and maintain the information about the services that are currently in use, including their sources, costs and specific ways of usage, a service-oriented enterprise will quickly run into an undesirable state of being under-managed and economically too expensive to execute. This would lose most of the benefits that the SOA efforts would have brought [13]. In SOA-based transactions, monitoring the execution of a particular service-oriented solution requires detailed information about the participating component services as well as how they might be related to one another [14]. In addition, the problem of software component, system or network failures has not been considered yet. Without proper support for service management, the frustration and cost of using deployed services in SOA-based transactions can only increase.

To solve these problems, we propose a framework that supplies a reliable, secure environment for SOA-based interoperability transactions, based on our security model [1] and the Web Services Reliable Messaging Protocol [3].

In our previous work, based on the requirements of SOA-based security transactions and the related XML Web services security technologies, an architecture that combines XKMS, XML Encryption and XML Signature was proposed for e-Government transactions using SOA. This architecture follows WS-Security by using credentials in the SOAP message with XML Encryption and XML Signature. In this architecture, XKMS is used as the protocol for a public key distribution center. The XKMS host plays the role of a CA in inter-agency transactions, distributing and checking the trust of the public keys used in XML Signature, and acts as a key distribution center for public key cryptography using XML Encryption. This is a PKI architecture, so the procedures follow PKI infrastructure. Each system in this architecture must have a key pair (public and private key) and register the public key with the CA. Each system has to register its public key with the XKMS server. A message is encrypted with the partner's public key following the XML Encryption specification and then signed with the system's private key following the XML Signature specification. With this model, SOA-based interoperability transactions gain the authentication, data integrity and non-repudiation of PKI architecture and XML Signature. The model also supplies confidentiality thanks to XML Encryption.

The purpose of the Web Services Reliable Messaging Protocol is to describe a protocol that allows messages to be delivered reliably between distributed applications in the presence of software component, system, or network failures. The protocol is described in the specification in a transport-independent manner, allowing it to be implemented using different network transport technologies. To support interoperable Web services, a SOAP binding is defined within the specification. Fig. 2 illustrates the reliable messaging model.

Fig. 2. The reliable messaging model
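The sketch below is an added illustration, not code from the paper or from the WS-ReliableMessaging specification. It shows the reliable messaging model in miniature: a source numbers messages from 1 and re-sends until acknowledged, while a destination acknowledges ranges and hands each message to the service once and in order. The class names, the in-memory lossy channel, the retry limit and the exactly-once, in-order assurance are assumptions of this example.

```python
class SequenceTerminated(Exception):
    """The source could not fulfil the delivery assurance and ends the sequence."""

class Destination:
    """Receiving endpoint: exactly-once, in-order hand-off to the service."""
    def __init__(self):
        self.delivered, self.seen, self.next_number = [], {}, 1

    def receive(self, number, payload):
        self.seen.setdefault(number, payload)      # a duplicate is acked, not redelivered
        while self.next_number in self.seen:       # release only the gap-free prefix
            self.delivered.append(self.seen[self.next_number])
            self.next_number += 1
        return self.ack_ranges()

    def ack_ranges(self):
        """Collapse received numbers into (lower, upper) acknowledgement ranges."""
        ranges = []
        for n in sorted(self.seen):
            start = ranges.pop()[0] if ranges and ranges[-1][1] == n - 1 else n
            ranges.append((start, n))
        return ranges

class Source:
    """Sending endpoint: numbers messages from 1 and re-sends until acknowledged."""
    def __init__(self, channel, max_attempts=4):
        self.channel, self.max_attempts = channel, max_attempts
        self.unacked, self.attempts = {}, {}       # number -> payload / send count

    def send(self, payload):
        number = len(self.attempts) + 1
        self.unacked[number], self.attempts[number] = payload, 0
        self._transmit(number)
        return number

    def _transmit(self, number):
        self.attempts[number] += 1
        ranges = self.channel(number, self.unacked[number])   # None: nothing came back
        for lower, upper in ranges or []:
            for n in range(lower, upper + 1):
                self.unacked.pop(n, None)

    def flush(self):
        """Re-send unacknowledged messages; give up after max_attempts per message."""
        while self.unacked:
            number = min(self.unacked)
            if self.attempts[number] >= self.max_attempts:
                raise SequenceTerminated(f"message {number} never acknowledged")
            self._transmit(number)

def lossy_channel(destination, lost_requests=(), lost_acks=()):
    """In-memory link that drops the n-th transmission (0-based) listed in either set."""
    sent = 0
    def channel(number, payload):
        nonlocal sent
        index, sent = sent, sent + 1
        if index in lost_requests:
            return None                            # request lost before arrival
        ranges = destination.receive(number, payload)
        return None if index in lost_acks else ranges   # ack lost on the way back
    return channel

def demo():
    """Constructed run: message 2 is lost once, and the ack for message 3 is lost."""
    dest = Destination()
    src = Source(lossy_channel(dest, lost_requests={1}, lost_acks={2}))
    for body in ("<order id='1'/>", "<order id='2'/>", "<order id='3'/>"):
        src.send(body)
    src.flush()
    return dest.delivered, dest.ack_ranges(), src.attempts
```

In the constructed run, message 3 arrives before message 2 and is held back until the gap is filled, and the single re-send of message 2 returns a cumulative range that also clears message 3.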


The figure on the next page (Fig. 3) shows the structure of our proposed model for the service management framework. There are three main blocks in this framework: interoperability control, security control and reliable control.

The purpose of interoperability control is to create the SOAP message based on the service description and business rules. The SOAP message is passed to security control if a secure exchange of messages is required; otherwise, it is passed to the reliable control module. This workflow is used by the service requester and is described in detail in Fig. 4.

The security control uses the security model proposed in our previous work (see [1] for details). Depending on the WSDL of each service, this control block encrypts and then signs the SOAP message following the proposed protocol.

The reliable control module uses the WS-ReliableMessaging protocol to manage the transactions of services. According to [3], endpoints that implement the WS-ReliableMessaging protocol provide delivery assurances for the delivery of messages sent from the initial sender to the ultimate receiver. The protocol supports the endpoints in providing these delivery assurances. It is the responsibility of the source and destination to fulfill the delivery assurances in the Sequence's policy declarations, or raise an error and terminate the Sequence.
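An added example (not the authors' implementation) of the security control block's processing: the requester encrypts for the partner and then signs, and the provider checks the signature before decrypting, with a registry standing in for the XKMS host. Textbook RSA over fixed Mersenne primes replaces XML Encryption and XML Signature so that the block runs on the standard library alone; the function names, system names and message layout are assumptions, and the constructed toy keys provide no real protection.

```python
import hashlib

def toy_keypair(p, q, e=65537):
    """Textbook RSA from fixed primes: a stand-in only (no padding, factorable)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))            # (public key, private key)

class KeyRegistry:
    """Plays the XKMS host's role: systems register public keys, peers locate them."""
    def __init__(self):
        self._keys = {}

    def register(self, system, public_key):
        self._keys[system] = public_key

    def locate(self, system):
        if system not in self._keys:
            raise LookupError(f"no registered key for {system!r}")
        return self._keys[system]

def _digest(sender, recipient, cipher, modulus):
    # Assumption of this example: sender and recipient are signed with the ciphertext.
    data = f"{sender}|{recipient}|{cipher:x}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def protect(body, sender, sender_private, recipient, registry):
    """Requester side: encrypt with the partner's public key, then sign."""
    n, e = registry.locate(recipient)
    m = int.from_bytes(body, "big")
    if m >= n:
        raise ValueError("body too long for the toy modulus")
    cipher = pow(m, e, n)
    sn, sd = sender_private
    signature = pow(_digest(sender, recipient, cipher, sn), sd, sn)
    return {"from": sender, "to": recipient, "cipher": cipher, "sig": signature}

def unprotect(message, me, my_private, registry):
    """Provider side: check the signature first, decrypt only if it verifies."""
    if message["to"] != me:
        raise ValueError("message addressed to another system")
    sn, se = registry.locate(message["from"])      # unregistered sender: LookupError
    expected = _digest(message["from"], message["to"], message["cipher"], sn)
    if pow(message["sig"], se, sn) != expected:
        raise ValueError("signature check failed")
    n, d = my_private
    m = pow(message["cipher"], d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    """Constructed run: one valid message, one tampered, one from an unknown sender."""
    registry = KeyRegistry()
    a_pub, a_priv = toy_keypair(2**521 - 1, 2**607 - 1)
    b_pub, b_priv = toy_keypair(2**1279 - 1, 2**2203 - 1)
    registry.register("agency-a", a_pub)
    registry.register("agency-b", b_pub)
    msg = protect(b"<transfer id='7'/>", "agency-a", a_priv, "agency-b", registry)
    results = [unprotect(msg, "agency-b", b_priv, registry)]
    for bad in (dict(msg, cipher=msg["cipher"] ^ 1), {**msg, "from": "agency-x"}):
        try:
            results.append(unprotect(bad, "agency-b", b_priv, registry))
        except (ValueError, LookupError) as err:
            results.append(type(err).__name__)
    return results
```

Both rejected messages fail before the provider's private key is ever used, which is the ordering the provider-side description (check integrity, then decrypt) calls for.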

Fig. 3. The service management framework

[Fig. 4 flowchart, recoverable step labels: Browser service / get WSDL; Service requires security? (Y / N); Trust and security processing; Precondition for reliable transaction; Sending and waiting for acknowledgement or re-send data]

Fig. 4. Flow model for service management

The above-mentioned flow is used on the service requester side. On the service provider side, when receiving a SOAP message, the service provider also follows the WS-ReliableMessaging protocol in its exchange with the service requester in order to guarantee the reliability of transactions. If a transaction must be secure (as described in the WSDL of the particular service), the above-mentioned security model is used to check the integrity of the SOAP message and decrypt it. Therefore, this framework supplies a reliable, secure environment for SOA-based interoperability transactions.

IV. RELATED WORK

Since the service-oriented paradigm provides a distributed computing infrastructure for both intra- and cross-enterprise application integration and collaboration, it has come to play a vital role in modern application integration. Many research papers have focused on this new trend. Some papers have applied Web services and the SOA paradigm to propose architectures for business transactions. For instance, the main contribution of project [16] is the design of an infrastructure based on Service Oriented Architecture specifically tuned for business communities and organized in such a way as to support stepwise deployment. Nevertheless, such papers did not investigate quality of service aspects in their models.

The framework proposed in [15] is a service composition framework to support a Web services-based approach for developing business integration solutions. The authors also examine a SOA-based approach in the framework; however, according to the authors, the security problem in transactions remains an additional area to be addressed. F. Curbera et al. [11] describe how Web services are evolving from the basic operations in the SOA foundation layer to support robust business interactions in the composition layer. However, that paper only introduces the Web services stack, not a specific solution to support SOA-based transactions. The problem of how to manage long-duration transactions in Web services is identified in [12]. The authors introduce a specification called OASIS BTP, which can solve the problem of transactions being executed in a loosely coupled environment like the Web. These works show only a general solution and do not focus on constructing a framework that supports interoperability transactions.

The work in [13] has a purpose similar to that of our paper, but follows a different approach to the service management framework. It proposes a framework for more efficient management of services in which the creation and maintenance of enterprise solutions are modeled by flows and finite state machines (FSMs), among other formal models. Security aspects are not investigated in that paper. In [14], the authors address the problem of transactional coordination in service-oriented computing and introduce the concept of, and system support for, transaction coupling modes as the policy-based contracts guiding transactional business process execution. The work in [17] also focuses on a SOA-based environment and investigates service management. The architecture in [17] is based on concepts from QoS management frameworks as defined by ISO, W3C, and OMG. It is designed based on service-oriented architecture principles and can be used as one of the services in enterprise service-oriented architectures.

In summary, SOA supplies a new trend for interoperability transactions. Aiming to leverage the heterogeneity of the IT landscape, its key enabler is the definition of a modular technology stack based on open, XML-based standards. Many of the papers mentioned above have investigated SOA and its applications. Each paper takes a different approach to a particular solution, and none offers a solution for both a reliable and a secure environment in SOA-based interoperability transactions. The framework in our paper supplies a secure and reliable environment for the communication of services in a SOA-based architecture, with an approach different from that of other research.

V. CONCLUSIONS AND FUTURE WORK

Our paper shows a SOA-based approach to interoperability transactions and addresses the benefits of this approach. A service management framework has been proposed to supply a reliable, secure environment for SOA-based interoperability transactions. The reliability of this framework is based on the WS-ReliableMessaging protocol. The security aspect is a combination of SOAP message security, XML Signature, XML Encryption and XKMS that ensures trusted and secure transactions, including authentication, authorization, data integrity, confidentiality and non-repudiation.

This work is an on-going project. The framework will be examined in a detailed prototype. In future work, the implementation of the framework will be investigated on some particular platforms. In addition, many research challenges in SOA-based transactions remain unsolved, such as handling different message formats, distributed process management, and distributed long-running transactions. These challenges will be considered in the implementation of the framework.

REFERENCES

[1] P.H. Phu, H.H. Lee, M.J. Yi, “Service-Oriented Architecture: An approach to inter-agency transactions in e-Government”, Proc. International School on Computational Sciences and Engineering: Theory and Applications, March 2-4, 2005. Ho Chi Minh City, Vietnam, pp. 85-95.
[2] IBM Inc., “Service-Oriented Architecture and Web services: creating flexible enterprises for a changing world”, ZIFF Davis Media Custom Publishing (2004).
[3] C. Ferris, IBM (Editor), D. Langworthy, Microsoft (Editor) et al., Web Services Reliable Messaging Protocol (WS-ReliableMessaging), A Specification of BEA, IBM, Microsoft and TIBCO, March 13, 2003.
[4] SOAP Version 1.2 Part 1: Messaging Framework, http://www.w3.org/TR/soap12-part1/, W3C Recommendation (2003).
[5] Web Services Description Language (WSDL) 1.1, http://www.w3.org/TR/wsdl/, W3C Note (2001).
[6] The evolution of UDDI, White Paper, http://www.uddi.org/pubs/the_evolution_of_uddi_20020719.pdf, (2002).
[7] XML Signature, http://www.w3.org/Signature/
[8] XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core/
[9] SOAP Security Extensions: Digital Signature, http://www.w3.org/TR/SOAP-dsig/
[10] XML Key Management Specification, http://www.w3.org/TR/xkms/
[11] F. Curbera et al., “The next step in Web services”, Communications of the ACM, Vol.46, No. 10 2003, pp. 29-34.
[12] M. Little, “Transactions and Web services”, Communications of the ACM, Vol.46, No. 10 2003, pp. 49-54.
[13] Ying H., Santhosh K., Jen-Yao C., “A service management framework for service-oriented enterprises”, Proc. IEEE Intl. Conf. on E-commerce Tech., July 06-09, 2004 California. pp. 181-186.
[14] S. Tai et al., “Transaction policies for service-oriented computing”, Data & Knowledge Engineering 51 2004, pp. 59–79.
[15] Y. Huang and J. Chung, “A Web services-based framework for business integration solutions”, Electronic Commerce Research and Applications 2 (2003), pp. 15–26.
[16] P. Baglietto, M. Maresca, A. Parodi and N. Zingirian, “Deployment of Service Oriented Architecture for a business community”, Proc. Sixth International Enterprise Distributed Object Computing Conference (EDOC’02), September 17 - 20, 2002. Lausanne, Switzerland, pp. 293-304.
[17] G. Wang et al., “Integrated quality of service (QoS) management in service-oriented enterprise architectures”, Proc. 8th IEEE Intl Enterprise Distributed Object Computing Conf (EDOC 2004), September 20-24, 2004. California, pp. 21-32.
[18] M.P. Papazoglou and D. Georgakopoulos, “Service-oriented computing”, Communications of the ACM, Vol.46, No. 10 2003, pp. 25-28.
