Web Services Management - Semantic Scholar

Web Services Management

A depth paper submitted to the School of Computing in conformation with the requirements for the degree of Doctor of Philosophy

Farhana H. Zulkernine

School of Computing Queen’s University Kingston, Ontario, Canada K7L 3N6 Date: June 2, 2007


Farhana Zulkernine

Abstract Web services are software applications that are accessible over the World Wide Web through standard communication protocols, and that provide specific services to the client application. There is an immense potential of composing these distributed services over multiple enterprises and building platform independent, complex, interacting software systems. Multi-vendor service integration can make tremendous economic contribution towards the business community by leveraging Business-to-Business (B2B) communication. The area of Web services has therefore, gained much importance to the research community. Due to the nature of user access over a media like the World Wide Web and the complexity of large composite Web service systems, the acceptance and success of this technology depends on the usability of such systems. To ensure Quality of Service (QoS), efficient management architecture and policies are indispensable. Management of Web services implies monitoring and maintaining the system hosting services to provide QoS as per Service Level Agreements (SLA) made with the customers. Different architectures and approaches have been proposed by researchers to address specific aspects of service management but still there are many unsolved issues that need further research. This paper shows a comparative study of the various aspects, approaches and architectures for Web service management. It concludes with our vision to address this challenging problem using autonomic management approaches.

2


Farhana Zulkernine

Table of Contents 1

INTRODUCTION.....................................................................................................................................4

2

BACKGROUND .......................................................................................................................................7 2.1 WEB SERVICES .....................................................................................................................................7 2.1.1 Evolution of Web Services ..............................................................................................................7 2.1.2 Overview of Standards and Protocols ............................................................................................8 2.1.3 Web Services System and Components ...........................................................................................9 2.2 IMPORTANT RESEARCH TOPICS ..........................................................................................................11 2.3 WEB SERVICES MANAGEMENT ..........................................................................................................15 2.3.1 Service Management Framework .................................................................................................16 2.3.2 Major Challenges in Web Service Management...........................................................................16

3

MANAGEMENT ASPECTS AND APPROACHES..........................................................................18 3.1 3.1.1 3.1.2 3.1.3 3.1.4 3.2 3.2.1 3.2.2 3.2.3 3.3 3.4

IMPORTANT ASPECTS OF SERVICE MANAGEMENT .............................................................................18 QoS and SLAs ...............................................................................................................................18 Recovery .......................................................................................................................................19 Security .........................................................................................................................................20 Optimized Resource Utilization ....................................................................................................20 MANAGEMENT APPROACHES .............................................................................................................21 Centralized Management..............................................................................................................21 Distributed Framework Based Management ................................................................................24 Autonomous Management ............................................................................................................27 INDUSTRY RESEARCH ON WEB SERVICE MANAGEMENT ....................................................................29 COMPARATIVE STUDY BASED ON THE MANAGEMENT ASPECTS.........................................................31

4

SPECIFICATIONS AND STANDARDS FOR WEB SERVICES ...................................................37

5

CONCLUSION........................................................................................................................................41 5.1 5.2 5.3

OPEN PROBLEMS ................................................................................................................................41 OUR VISION, APPROACH, AND FUTURE RESEARCH DIRECTION .........................................................42 SUMMARY ..........................................................................................................................................43

GLOSSARY .......................................................................................................................................................45 REFERENCES....................................................................................................................................................46

3


1

Farhana Zulkernine

Introduction

Web services are the leading Internet based technology and a perfect implementation of Service Oriented Computing (SOC) [1,2]. The evolution of software systems began with standalone applications. With advancements in communication systems, software systems expanded into client-server based systems, then distributed systems and finally emerged as service-based systems [3], which introduced SOC. In service-based systems all applications are considered as services in a large distributed network. These services are basically modular software applications that publish one or more methods that can be called by client applications through standard interfaces. Web services are similar services that follow specific standards to ensure interoperability, and are accessible on the World Wide Web [4]. The characteristics of Web services like fine-grained functionality, standard-based communication, interoperability, and Web accessibility hold great potential for long cherished Business-to-Business (B2B) communication [5,6,7] via cross-vendor service composition. Typically a Web service hosting system comprises several components that can reside on a single or multiple servers [60]. The services can be connected to backend applications, legacy systems or databases to share the processing load required to provide certain services. Due to the cost of building and maintaining functionality in a service, outsourcing and acquiring services from other service providers are becoming increasingly popular. A Web service can also use other Web services, resulting in a composite service system [12]. These structural, functional and networking complexities pose many challenging problems to this new technology in different areas like service discovery [26], composition [27], security [19], and management [29]. For Web service systems in particular, inefficient management results in unsatisfactory performance and can incur huge financial loss [8]. Researchers are working on architecture, policies, specifications, and enhancement of different standards to facilitate the development of Web services management systems [25]. Different approaches and frameworks have been proposed by researchers that often focus on specific management perspectives like ensuring Quality of Service (QoS) [28], Service Level Agreements (SLA) negotiation [30], dynamic reconfiguration [10], error detection [66],

4


Farhana Zulkernine

recovery [37], and security [19]. QoS is generally represented by a statistical metric of the system performance parameters that symbolizes a certain quality of system performance. In order to guarantee the QoS, for business and legal aspects, both the service provider and consumer should first agree upon a specific service level. This contractual agreement is called the SLA, which is a primary economic aspect of Web services management in a corporate environment. Depending on the architectural layout, various management approaches can be categorized in three types: centralized management where one component is performing the management task; distributed management where a framework is proposed for handling different management activities for a Web service system, and autonomic management where most of the management chores are automated and require minimum human intervention. Most of the management related research by the companies contribute to areas like the architecture and implementation of a management infrastructure for Web services [31], specification of event subscription and notification [71], security and trust relationships [72] in a federated Web services architecture, and implementation of automatic SLA [27] among coordinating Web services. A large part of the contributions in the evolution of Web services has been made by the consortiums like the World Wide Web Consortium (W3C) and Organization for the Advancement of Structured Information Standards (OASIS) that standardize and enhance various specifications to ensure interoperability for Web services. Some large companies or coordinated research efforts by multiple organizations contribute to these specifications as well through their own research work and prototype implementations. There are yet many open problems in the area of Web services management like the specification of management policies, error tracking and recovery, transaction management, ranking for automatic service selection, and application level security for Web services that need to be addressed. The services are offered round the clock to an unpredictable number of users on the Internet. Moreover, these systems can be heterogeneous involving different types of back-end software on various platforms and use other Web services. Automated monitoring and reconfiguration of these systems are deemed essential to ensure quality of performance. Our research focuses on Autonomic systems that are self-healing, selfconfiguring,

self-protecting,

and

self-optimizing

5

[24].

We

envision

design

and


Farhana Zulkernine

implementation of autonomic Web services systems as the most effective management approach. Besides configuration and optimization, automated recovery from failure and protection against malicious attacks on the Internet are also important management aspects for Web services.

Paper organization This paper presents the state of the art research on Web service management. Chapter 2 provides background information about the evolution, architecture and standards of Web services and a brief overview of the interesting research problems in the area. Different aspects of Web service management related problems, and the approaches proposed by researchers as solutions are presented in Chapter 3. This is the main chapter in the paper, which also discusses the research and development work being done by various organizations and companies in the area of Web service management, and provides a comparative analysis of the different problem solving strategies. Chapter 4 outlines the various standards and specifications of Web services that have been proposed by different organizations and later published by OASIS and W3C. The fifth and final chapter narrates some of the open problems in the Web service management area and our interest and vision towards the Web service management problem before drawing the conclusions.

6


2

Farhana Zulkernine

Background

This chapter provides an introduction and a brief description of the evolution of Web services, common standards and specifications, components of a typical Web service system, and interesting research topics in the area. Finally the concept of Web service management is introduced with a list of challenging problems that are illustrated further in the next chapter.

2.1 Web Services Web services are software applications that offer specific services to client applications and have Web-based interfaces to provide user access over the Internet through standard communication protocols. Information about accessibility, protocols, and functionality of a Web service is advertised in standard-based registry services like Universal Description, Discovery, and Integration (UDDI) [67] hosted by well-known organizations. Figure 1 shows the Web service life cycle. Client applications and users can look for required services in the UDDI. It provides information about the service such as the functionality of the service, the input and output parameters [23], and other information like the QoS data if available. If a desired service is found, a Service Level Agreements (SLA) [32] can be negotiated between the client and the Web service, if necessary, and then the service can be invoked.

UDDI Registry Service Find

Publish Invoke

Service Consumer

Service Provider

Figure 1: Web Service Life Cycle

2.1.1 Evolution of Web Services The trend in software development is moving towards loosely coupled, fine-grained, component-based architecture, with a view to reducing interdependency and leveraging 7


Farhana Zulkernine

Business-to-Customer (B2C) or Business-to-Business (B2B) [7] collaboration [6]. Starting from process based models, software development has embraced object oriented models and then distributed component object models like Common Object Request Broker Architecture (CORBA) [95], and Component Object Model (COM) [5], which has lead to the future goal of Service Oriented Computing (SOC) [2]. Software systems are largely driven by the underlying network system. With the evolution of the communication media, software systems have also grown from standalone applications to client-server based multi-tier systems over Wide Area Networks (WAN), and finally to Web-based distributed systems. Web services lie in the horizon of these two evolutions that combines SOC with Web accessibility, elevating it to the most desired solution for B2B collaboration.

2.1.2 Overview of Standards and Protocols It is fundamental that Web services are published, described, and accessed based on specific standards to ensure interoperability. There are several standards committees that publish and update the standards to meet the growing demands of Web services. Currently there exist multiple standards for a single purpose as a result of inadequacy of similar standards. For example, there are multiple specification languages to define service composition. However, none of them are complete for describing interdependency, sequence of operations and messages in a composite system comprising multiple Web services. The standards committees are working on integrating similar standards into a single, well-defined standard that addresses all desired perspectives.

Figure 2: Web services standards

8


Farhana Zulkernine

The primary standards for Web services can be organized in a stack based on their use as shown in Figure 2. EXtensible Markup Language (XML) [68] is the basis of all languages used for communications or specifications of Web services. XML Schema describes data types used in an XML representation. The most frequently used message passing protocol for Web services is the Simple Object Access Protocol (SOAP) [69] over the Hyper Text Transport Protocol (HTTP). Web services are published in the UDDI using the Web Services Description Language (WSDL) [70], which is an XML-based specification language for service interfaces and accessibility. XML, SOAP and WSDL are required for publishing, discovering and invoking Web services. The uppermost layer of the stack in Figure 2 shows a subset of many other existing standards and specifications, that were proposed to enable automated service discovery, composition, and management. Business Process Execution Language (BPEL) [73] is used to specify a process comprising multiple Web services. Research on Semantic Web contributed to DARPA Agent Markup Language for Services (DAML-S) [13] that focuses on automating service usage. Web Service Choreography Interface (WSCI) [74] is used for representing interdependency and dynamic behavior of services in composite systems.

2.1.3 Web Services System and Components A Web service requires several components to be hosted on the Internet as listed below: • HTTP or Web server, • Application server, • SOAP Engine, • Web service interfaces and associated backend application, • Optional components – Database systems, legacy systems or other backend related server applications. These components can reside on the same server machine or be distributed among multiple interconnected servers. Figure 3 shows a typical Web service environment. SOAP messages to Web services are received by the Web server. There can be one or more instances of the application server serving as containers to host single or multiple Web services. Messages

9


Farhana Zulkernine

received by the Web server are forwarded to the application servers. These messages are basically XML data bounded by headers and footers containing the messaging protocol. In most cases, the protocol is SOAP and the interpreter used is called the SOAP engine. The engine translates the envelope of the message and after necessary preprocessing, passes the message to the appropriate Web service.

Web Server

Back End Application

Internet SOAP Message

Application Servers LAN

Client Application

Legacy Application

SOAP Engine DBMS WS1 Interface

WS2 Interface

Figure 3: Components of a Web service hosting system Web services are typically applications designed as Java Servlets [76] that process the messages and compose replies to send back to the client. A more complex service can require connections to backend applications, legacy or database systems. These backend applications may reside on separate servers connected to the HTTP server via a Local Area Network (LAN). Thus a complete Web service system can be composed of different components and management of the system implies managing all these components to ensure satisfactory performance. In a more complex setup, the Web service may invoke other Web services, which can initiate a chain process. The process terminates when the final reply is forwarded to the client

10


Farhana Zulkernine

that invokes the first Web service in the process. The services in such chain process can be provided by multiple enterprises and constitute a large cross-vendor distributed system. Figure 4 shows the layout of such a composite Web service system. The client invoking a service may be a user using a Web browser, a client application, or another service. The services in a composite system can be selected and bound either before execution of the system (static composition) or on the fly (dynamic composition), in which case the system is built gradually with each service call. In either case, the structure is based on messages communicated over the Internet between the service requester and the service provider. A Web service can be a service requester and a service provider at the same time. The final response can reach the root or initiator of the system through intermediate service providers or via direct messaging. In Figure 4, arrows represent the message exchanges between service requesters and service providers, WS indicates a Web service, and the system initiators are an application and a user connected to the Internet.

Application

WS

WS WS

WS

WS

WS

WS Figure 4: Composite Web service system

2.2 Important Research Topics Web services are the pioneers of SOC and have immense potential because of their nature, accessibility and versatility. The technology still has many unresolved issues in different areas that extend from development and deployment to the final goal of dynamic service

11


Farhana Zulkernine

composition and maintenance over multiple organizations. Some of the topics that are currently receiving more focus other than Web service management which is illustrated later, are listed below. • Service Discovery The first and foremost requirement and problem of service discovery is proper representation and publication of information about services like input parameters, range of values, response times, deliverables, and other Quality of Service parameters. As multiple organizations currently offer similar services, discovering and selecting the right service has become an important research topic. Efficient query construction, service ranking according to preferred selection criteria, and formulation of decision making mechanisms to select the appropriate service are some of the interesting problems in this area. Service information in the UDDI can be dynamically added, modified or removed by the service providers. Therefore, runtime, or dynamic service discovery and binding can prove to be more efficient and up-to-date than static binding where the service is selected and bound at design time. Moreover, to achieve dynamic service composition, implementation of automated service discovery is essential. All of the published information on the Web may not be intended to be accessed by all users, especially malicious users. Aggarwal et al. [14] present a framework for developing an ontology to facilitate the specification of attribute based matching rules and a constraint based search for Web services. Ontology in general means an explicit formal specification of objects, concepts, and other entities belonging to the same area of interest, and the relationships that hold among them. ebXML [96] is another international initiative taken by OASIS [66] and other organizations that defines registration and discovery mechanisms based on an ontology. Cibrán et al. [45] propose Web Service Management Layer (WSML) and Aspect Oriented Programming (AOP) to leverage service discovery and selection. In this case, the services need to be manually registered with the WSML before they can be used. However, the author suggests how Web Ontology Language for Services (OWL-S) [77], an ontology based language for the semantic Web, can contribute towards automating the discovery process.

12


Farhana Zulkernine

• Semantic Web Services Research on Semantic Web services focuses on machine readability with a view to achieving complete automation of various Web services related activities including service discovery, composition, execution, and monitoring by using standard ontology based languages like DAML-S [13] and OWL-S. Web services are highly standard-based technology intended to provide full compatibility in cross-vendor communication and integration spanning multiple organizations over diversified operating environments. To ensure this compatibility a number of semantics have been proposed for representing service description, properties, behavior, inter-service communication, choreography and composition. The semantics of a service can be described by annotating the service description with respect to service ontology. For example, semantic representation of a service description can enable automatic service selection and composition [61,62,63] by enabling inclusion of necessary information about service properties, input, and output values. Kim and Harp [64] present a framework for developing ontologies suitable for dynamic environments like Web services. In an automatic composition, the system defines control and data-flow by assembling individual services. This offers a great challenge due to the difficulty of mapping user needs to a collection of correlated services where their interim outputs can satisfy each other’s input requirements, and the final deliverable meets the user demands. The ontology for semantic Web services is continuously updated to address the growing needs of semantic representations in various areas of research on Web services. All these representation problems pertain to the area of semantic Web services. • Composition – Static and Dynamic Integration of applications from different organizations popularly known as Enterprise Application Integration (EAI) based on an Application Programming Interface (API) [6] has always been a problem in terms of compatibility and maintenance. A new release of any one component application often requires the integrated software package to be upgraded and tested. This incurs a high Total Cost of Ownership for the organization responsible for building or maintaining the integrated software. Web services are designed to resolve this issue by offering Web accessible interfaces, loose-coupling, and a fine-grained service-based

13


Farhana Zulkernine

architecture. Consequently, composition of Web services offers a revolution in Business-toBusiness communication because of the great potential of dynamically building complex systems by composing services provided by multiple organizations [12]. There can be two different types of compositions based on the time of selection of services in a composite system. In a static composition, services are selected at design time before execution of the system whereas in a dynamic composition, services are selected at the time of execution of the system based on some specific selection criteria. The former can be built and tested prior to execution and thus provide higher reliability than the latter. Since the services can be selected from various organizations, the reliability of a dynamically composed system that does not go through prior testing is difficult to ascertain. Some of the main research topics in this area are: developing static and dynamic composition models [62], various approaches for representation and verification of these models (e.g., formal language specification and automated tool-based verification) [15], architecture for the implementation of service composition [16,17], QoS driven composition [18], message tracking and recovery in a complex composed system [66], and designing information flow models for composed systems [33]. • Web Service Security Security implies confidential, authentic, and authorized access and information exchange. It is currently a very important problem for all Web applications including Web services. HTTP, which is the mostly used for Web communication, is stateless, and therefore, more vulnerable to malicious attacks. Moreover, XML, which is highly readable, is the standard communication language for Web services. Therefore, additional handling is necessary to implement security for Web services. Secured HTTP or HTTPS can be used over SSL (Secure Socket Layer) as the communication protocol with SOAP [20] to provide secure and confidential message transmission in the transport layer. It handles the encryption and decryption of data passed over the network. The XML signature technique can be applied to digitally sign part of the document using XPath and then revert it back to XML [20] to validate integrity of the exchanged information content. For higher security, accessibility can be restricted only to the

14


Farhana Zulkernine

authorized clients that make secured requests to the service by the use of Access Control Lists (ACL) [20], digital signatures, Security Assertion Markup Language (SAML), or eXtensible Access Control Markup Language (XACML) [78]. Further research is being done to design better security features and mechanisms for Web services like WS-Security [75]. Apart from these, message screening, intrusion detection, firewall and other protection mechanisms can be deployed at the service location to guard against malicious attacks or sabotage. Chou et al. [19] presented the security developments for Web services at different layers. A preliminary access control framework for Web services has been proposed by Coetzee and Eloff [21,22]. As it stands today, a complete framework does not yet exist for Web services security, particularly at the application level. More research is needed in order to render a completely secured Web service environment.

2.3 Web Services Management Web service management is a specific case of Network and Systems Management. The increasing complexity of software systems requires multiple heterogeneous hardware and software components to work together to provide some service. For example, in a corporate environment, there can be fax server, email server, database server and a Wide Area Network (WAN) based software, all working together for collecting and storing data sent by the clients. Such systems require network and systems management to ensure proper functioning of the system round the clock. In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks [11]. Performance, configuration, accounting, fault and security managements are the main five management aspects [11]. The various systems management tools and software perform monitoring, reconfiguration, updating, access control, error reporting and repair. For Web services, the management system needs to address additional issues such as the Web media, distributed and heterogeneous nature of clients and system components, and dynamic service composition. Web services have largely evolved during the last few years from standard-based, loosely-coupled, cross-vendor compatible service components to an industry-wide technology having the potential for constructing complex, multi-vendor composite systems. 15


Farhana Zulkernine

It is of utmost importance for the continuing growth and acceptance of this technology that the service providers ensure the QoS desired by the customers. Unsatisfactory performance levels can severely jeopardize the service provider financially in a competitive market [8]. This calls for the specification of desired level of service through an SLA on the customer’s side [35] and efficient management of the Web service system [25] to ensure required service level on the service provider’s side. Besides QoS and SLAs, there are other aspects of systems management like ensuring system security, managing collaborative systems, error tracking, and recovery. Researchers are trying to address these various aspects of Web service management through different approaches and management frameworks.

2.3.1 Service Management Framework A well-designed management framework is needed for managing multi-component systems like Web services. To alleviate the complexity and eliminate the human errors of manual management, these tasks need to be automated using a framework of well-coordinated monitors and controllers, which in general, are called management applications. One way to create a framework of monitoring and management applications is by implementing the Service Oriented Architecture (SOA) [9] within an organization. This provides a network backbone that leverages automatic service deployment, monitoring and maintenance. An automated cluster-based Web service performance tuning infrastructure is presented by Chung and Hollingsworth [36]. Coetzee and Eloff propose a logic-based access control framework [21] for single Web service-based systems. Other proposed frameworks focus on different aspects of Web service management. A comparative study of the various approaches is presented later in more detail.

2.3.2 Major Challenges in Web Service Management Web services are hosted and supported by a number of components as described in Section 1.1.3. These components must be managed harmoniously to render a desired service level for a Web service system. This obviously is far more challenging than managing a single application. Moreover, composite Web services can be created by a collaboration of multivendor Web services. Management of such systems requires a collaborative service

16


Farhana Zulkernine

management framework [12]. As the World Wide Web is an insecure and vulnerable media, the implementation of security and access control frameworks for Web services are drawing much attention these days [19]. The unpredictable nature of workload, accessibility, and interoperability issues also make management of Web service systems a difficult and challenging job. SLA specification and QoS management [30] for Web service systems have gained a lot of attention because of the wide range of user types and requirements. Resource provisioning for cluster-based Web services [36] is another important research problem. Manual management, especially reconfiguration of numerous tunable system parameters of such heterogeneous complex systems, is becoming a nightmare for the system administrators. Researchers are, therefore, seeking solutions to automate various tasks at different levels of system management. IBM’s new drive towards autonomic computing led to a completely new era of systems management [24]. Autonomic systems are characterized by four specific properties: selfconfiguring, self-healing, self-optimizing, and self-protecting. Autonomic systems are envisioned as imperative for next generation highly distributed systems. Web services, in particular, can greatly benefit from autonomic computing because of their dynamic workloads and highly accessible communication media like the Internet [37]. However, many problems need to be addressed in order to materialize the concept of autonomic Web services rendering it as an interesting research topic. Management of Web services offers a number of interesting research problems and challenges as described above. Continuing research on service management is focused towards achieving automated solutions requiring minimum human interventions.

17


3

Farhana Zulkernine

Management Aspects and Approaches

Web services are distributed modular components that provide specific services over the Internet. The loose coupling and fine-grained functionality of these services are primarily intended to promote dynamic selection and composition of services for Business-to-Business communication. However, the heterogeneous structure and the complexity of composite systems initiate multiple management issues that are critical for the success of this technology, from both economic and usability perspectives. Various approaches that have been proposed by the researchers, different companies and business organizations are described in detail in the following sections. The chapter concludes with a comparative study of the various management approaches based on the different management aspects.

3.1 Important Aspects of Service Management Management of Web services in its simplest form refers to monitoring, configuring, and maintaining Web services. Most of the management approaches proposed by the researchers focus on one or more specific aspects, such as maintaining Quality of Service (QoS), Service Level Agreement (SLA), providing secure and controlled access, ensuring automatic recovery, and provisioning the system resources. Some of the approaches further explore automatic service discovery and composition techniques with a view to managing all of the above aspects. These management aspects can, therefore, be used as the criteria for the analysis of the various management approaches.

3.1.1 QoS and SLAs A primary objective of systems management is to provide satisfactory performance to the users. QoS is an expression of the measure of system performance and hence it is also a very important aspect of Web service management. A Web service system can consist of multiple servers and software components. The most common QoS parameter is response time. Depending on the type of the system, other parameters such as memory usage, network

18


Farhana Zulkernine

delay, and queuing time are also monitored. A history of QoS can also serve as a valuable guide for automatic service selection in a dynamic service composition. There are numerous publications on maintaining QoS for various networks and quite a few for Web based systems [28,30,33,38]. In most cases, the process of ensuring QoS is carried out in four steps: monitoring performance data, analyzing the data to build a predictive or reactive QoS model, determining the value of the configuration parameters to achieve a desired QoS based on the model, and modifying those parameters to reconfigure the system. Statistical theories are used in the analysis step to model the workload patterns for both predictive and reactive models. The QoS model varies for different system types. It applies suitable algorithms for specific system types to determine appropriate parameters for reconfiguring the system. To maintain consistency of performance and to avoid falling below the acceptable QoS level, predictive models are now gaining more importance from the research perspective than the reactive models. Ludwig discusses the challenges in delivering QoS as specified by SLAs for Web services, particularly because of the heterogeneity and network QoS in the case of composite services [39]. An SLA may typically define the purpose of the service, authorized parties or customers, period of validity, scope, restrictions, penalties, and service-level objectives like availability, performance and reliability [35]. The service provider is legally bound to provide the QoS as agreed through the SLA. Breach of this agreement can put the business in jeopardy. Monitoring applications are deployed as part of the management applications suite usually at both the customer and service provider’s ends to ensure the validity of the SLA throughout the service duration. Automating the process of creating and maintaining the SLA, especially for composite Web service systems, is one of the most challenging problems in the area of Web service management. It is also very important for the implementation of dynamic service composition.

3.1.2 Recovery An efficient management system should implement mechanisms to recover from minor and possibly major pitfalls in the least amount of time. The recovery mechanism depends on the nature of failure. It can require a simple restart of the failed resource, or a complex error

19


Farhana Zulkernine

tracking process to identify and replace the failed resource. In a composite Web service system, detection and replacement of a failed service with a similar service offers an interesting research problem. Automated service discovery and selection is another popular research topic that can guide service replacement. However, to enable automatic service discovery, a firm management infrastructure has to be in place to address issues such as getting notifications for the dynamically selected services, monitoring, and negotiating SLAs [40,41,44,45]. Ideally replacement of a service in a client application should be done as transparently as possible without affecting other interdependent services. Monitoring applications are deployed within the management framework for automatic notification of any hardware or software failure, or for triggering a restart of the failed component. Resource provisioning also provides quick recovery from failure using replication with automatic resource replacement.

3.1.3 Security Security is a major issue for Web services because of the nature of the network and interoperability. However, currently no standard security framework exists that ensures all the security features such as authorized access, and integrity, authenticity and confidentiality of the information content. Web service management systems should implement protection and verification mechanisms to guard against unauthorized access to classified information, data corruption, and malicious intrusions. Some of the common approaches to implement security features are use of access control lists, security tokens, XML signature, and message encryption and decryption techniques [20,21]. Security policies may be defined and managed at a higher level as part of the management framework. Communicating parties can use these policies to establish and maintain a trust relationship. Furthermore, for specific business partners, a federation can be created and maintained [20] where members carry their own identities, and share and distribute trust relationships.

3.1.4 Optimized Resource Utilization Another important aspect of Web service management is optimum utilization of resources. Due to the bursty nature of Web traffic, it is very difficult to predict the optimum number of

20


Farhana Zulkernine

resources necessary for a Web service-based system. As a result, without a resource sharing and provisioning strategy, resources can either remain under-utilized or may be insufficient to handle user requests at the peak hours. Application of effective resource management results in improved performance in cluster-based Web service environments [36]. A Web service is supported by multiple hardware and software resources. There has been much research on monitoring various resources such as the server queues, CPU and memory, dynamic resource allocation, sharing, and task scheduling to ensure QoS [46,47] for particular servers or cluster-based systems [48]. Managing the resources automatically and replacing resources that fail can also contribute to automatic service recovery.

3.2 Management Approaches Researchers have proposed many different strategies and approaches to address the various management aspects described in Section 3.1. Different large and small Information Technology (IT) companies are also constantly making their contributions toward promoting Web services and blending it into the next generation of software solutions [10]. These contributions are made mostly through research and by marketing miscellaneous tools and libraries to facilitate development of Web services. Some of the larger IT companies are also members of various consortiums working on specifications for Web technologies while their research groups are investigating different specific areas of Web services. IT companies are currently focusing on SLA specification and monitoring with a view to incorporating it into the management framework for Web services. The various management approaches can be categorized based on their implementation infrastructure. A summary of the approaches follows in the subsequent sections.

3.2.1 Centralized Management Centralized management applies single component, controller or server based management solutions where a single central unit carries out the management activities. Fuente et al. [65] proposed Reflective and Adaptable Web Service (RAWS), a Web service design model that is based on the concept of Reflective Programming. Source code

21


Farhana Zulkernine

maintenance can be done using RAWS without hindering the operation of the Web services. It allows the administrators to dynamically modify the definition, behavior, and implementation structure of a Web service during its execution without requiring a shutdown of the service. Technically the design implements behavioral and structural reflection in a two level architecture, base-level and meta-level, to allow modification of one level to be reflected in the other level. While the change is being made to one level, the other level continues providing the service and hence no apparent disruption is noticed.

Figure 5: General architecture of the WSML Bart Verheecke and Maria Cibrán [40,44] proposed Web Service Management Layer (WSML), a middleware to facilitate development and management of integrated service applications. WSML supports client-side service management and criteria-based service selection for dynamic service composition. The rich run-time environment of JAsCo, an Aspect Oriented Programming (AOP) language, is used to modularize implementation of the management functionality within WSML. WSML lies between the client application and the Web services, and receives client requests for specific service types. A new JAsCo Aspect Bean is defined dynamically as required for each management aspect like service selection, billing, caching, and monitoring. JAsCo Connectors are also created dynamically to bind the client application with a specific Web service based on the policies defined in the aspect bean. This architecture, as shown in Figure 5 [45], enables dynamic service selection and

22


Farhana Zulkernine

binding, service swapping, automated billing, caching, and monitoring tasks to be implemented as separate aspect beans holding specific policies. Client-side management is implemented using AOP in client applications [42]. By isolating the management tasks from the service and application codes, and thereby, placing the same in WSML, repetition and maintenance of similar management related code is also avoided. The concept of workflow and process QoS [33,34] is being investigated by a group of researchers at the Large Scale Distributed Information Systems lab (LSDIS) at the department of Computer Science in the University of Georgia. Typically Web services are composed in a workflow and it is necessary to manage the QoS metrics for all the services in the composition. Sheth et al. [38] propose an agent-based Service Oriented Middleware (SoM) that provides an upper level middleware over Web services-based middleware and leverages the development of multi-organizational applications. He refers to the process QoS model discussed by Cardoso et al. [33] that can be used for automatically computing the QoS of a composite Web service workflow process from the QoS metrics of the component Web services. Sahai et al. [49] proposed a Management Service Provider (MSP) model for remote or outsourced monitoring and controlling of E-services on the Internet. The model requires Eservices to be instrumented with specific APIs to enable transaction monitoring using agent technology. An E-Service Manager is then deployed that manages the E-services remotely with the help of several other components. Sahai et al. [32] later proposed an automated and distributed SLA monitoring engine for Web services using the Web Service Management Network Agent (WSMN Agent). The authors also proposed a specification language for SLAs and use of proxy components attached to SOAP toolkits at each Web service site of a composite process to enable message tracking. WSMN Agents monitor the process flow defined using WSFL (Web Service Flow Language) to ensure SLA compliance. WSMN is later described in detail in Chapter 4. Tosic et al. [50] proposed Web Service Offering Language (WSOL) to allow formal specification of important management information such as classes of service, functional and accessibility constraints, price, penalties and other management responsibilities. The author

23


Farhana Zulkernine

also proposed Web Service Offering Infrastructure (WSOI) [51] to demonstrate the usability of WSOL in management and composition of Web services. Dobson et al. [59] proposed a container-based fault tolerant system for general SOA. The container is similar to an Enterprise Java Bean container and contains externally provided services or references to the service endpoints. It implements proxies to pass each incoming service call to the proper replica as selected by a set of pre-specified XML policies, and thus increases the availability and reliability for outsourced services of different types.

3.2.2 Distributed Framework Based Management Web service management systems having a distributed framework based infrastructure are included in this category. In most cases, the frameworks contain multiple distributed components working together to constitute a complete management system. Dan et al. [27] proposed a framework that comprises the Web Service Level Agreement (WSLA) Language, a system to provision resources based on Service Level Objectives (SLO), a workload management system that prioritizes requests according to the associated SLAs, and a system to monitor compliance with the SLA. The framework uses WSLA to specify SLAs in a flexible and individualized way. It implements SLA-based automated management for Web services with a resource provisioning scheme to provide different levels of service to different customers in terms of responsiveness, availability, and throughput. The customers are billed differentially according to their agreed service levels. Deployment of SLA refers to translation of WSLA into system-level configuration information. The parties that provide and supervise the service usually carry out the translations using their own deployment functions as applicable. Aggarwal et al. [14] presented a Web service composition framework METEOR-S (Managing End-To-End OpeRations for Semantic Web services) to create and manage service composition. The framework allows users to define an abstract process with placeholders for services having specific requirements. It then automatically selects and binds Web services based on particular business and process constraints to the abstract process to generate an executable process. The basic approach is to reduce the service composition problem to a constraint satisfaction problem and thereby use multi-phase

24


Farhana Zulkernine

constraint analysis to select the proper Web service to fit into the abstract process. METEOR-S uses semantic Web technology to represent the requirements for each service in the process. The automatic service selection feature facilitates the recovery and maintenance of composite Web service systems. Coetzee et al. [21] proposed a logic-based access control framework for Web services where only one Web service is used in a business solution. In order to protect the methods and resources exposed by the Web services, integrated configuration and development effort is required. Access control policies are defined for decision making on authorization. An intermediate requestor layer receives remote user requests, checks the authentication through identity verification, embeds the authentication information in the SOAP header and passes the request to the service provider. The service provider verifies the authentication data and implements the access control policies to grant authorized access with the help of an authorization manager.

Figure 6: Active Harmony automated tuning system. An automated cluster-based Web service performance tuning infrastructure is presented by Chung and Hollingsworth [36] as shown in Figure 6. In a cluster-based system a collection of machines are grouped into different sets, where each set performs a specific chore to provide the Web service. The paper proposes single or multiple Active Harmony servers for adaptive tuning of cluster-based heterogeneous Web service systems using parameter replication and partitioning to speed up the tuning process. It also presents and evaluates a technique for resource sharing and distribution to allow Active Harmony to 25


Farhana Zulkernine

reconfigure the roles of specific nodes in the cluster during execution to further boost up the performance. In the Active Harmony framework, applications and services reveal tunable set of parameters through API (Application Programming Interface). These parameters are dynamically tuned by the Active Harmony server based on the workload, past performance history as recorded in a database, and the current performance level. The core part of the server is a controller that implements optimization algorithms for determining the proper value of the tuning parameters. The self-tuning property of the Active Harmony framework makes it eligible to be considered under the Autonomous management category as well.

Figure 7: Performance management system for cluster-based Web services. Levy et al. at IBM Research [52] proposed an architecture and prototype implementation of a performance management system for cluster-based Web services as shown in Figure 7. The system performs resource allocation, load balancing, and server overload protection. It uses an inner level management for queuing and scheduling of request messages, and an outer level management for implementing a feedback control loop to periodically adjust the scheduling weights and server allocations of the inner level. Average response time is used as the performance metric for a given cluster utility function. The system supports multiple classes of Web services traffic and allocates server resources dynamically to maximize the expected value of the utility function. However, it requires users to use a subscription interface to register with the system and subscribe to services.

26


Farhana Zulkernine

3.2.3 Autonomous Management With the rapid growth in the size and complexity of software systems, it is becoming humanly impossible to efficiently manage these large systems having numerous configuration parameters and unpredictable workloads. Researchers are therefore working towards designing self-managing systems that can maintain and reconfigure themselves to adapt to changing workloads requiring minimum human intervention. IBM took the primary initiative in this respect and proposed the term Autonomic Computing [24] for systems featuring the following four properties: • Self-configuring: Have the ability to define themselves on-the fly to adapt to a dynamically changing environment. • Self-healing:

Have the ability to identify and fix the failed components without introducing apparent disruption.

• Self-optimizing: Have the ability to provide optimal performance by automatically monitoring and tuning the resources. • Self-protecting:

Have the ability to protect themselves from attacks by managing user access, detecting intrusions and providing recovery capabilities.

It is quite difficult to achieve all four of these properties in any system and currently fully autonomic systems do not exist. Researchers are now working on achieving partial autonomic behavior through various control mechanisms, which are in most cases, additions to the main system and therefore increase management overhead to some extent. However, the autonomic approach is still being investigated for different types of systems because of the potential benefits it promises as an ultimate system management solution. Control Theoretic approaches have been proposed by some researchers where performance feedback and feed-forward loops are used respectively in reactive and predictive manners to design and implement controllers. These controllers can dynamically manipulate the control switches, modify configuration parameters, or implement additional queues based on the performance data to provide optimal throughput. Performance of computing services is closely related to the status of various system queues. At high load, these queues act as integrators of flows, and hence can be described by difference equation models that are amenable to control-theoretical analysis. Abdelzaher, Lu and Zhang [47]

27


Farhana Zulkernine

proposed a middleware called ControlWare to embody control-theoretical methodology for QoS provisioning for software services. This middleware provides a generic interface between the computing and control sub-systems of a software application, and automates many parts of the feedback control design and implementation for software systems. The control mechanism guarantees QoS through optimized allocation of system resources like various queues and cache sizes to different processes. Bennani and Menascé [46] present self-managing computer systems by incorporating mechanisms for self-adjusting the configuration parameters so that the QoS requirements of the system are constantly met. They proposed an approach where analytic performance models are used with combinatorial search techniques for designing controllers that run periodically to determine the best possible configuration for the system given its workload. The approach was implemented and tested using workload forecasting techniques for a Web server system that was subjected to a variable workload in terms of inter-arrival time and service time of the incoming requests. Ken et al. [37] proposed a way to extend the general architecture of Web service systems to add high availability and autonomous behavior. Scalability and availability are important issues for Web services as they often entail very large deployments i.e., offer services round the clock to an unlimited number of users. The authors refer to WS-Events, WS-Transaction and WS-Reliability while discussing different ways of handling failed transactions or providing reliable messaging. The architecture includes monitoring systems for Web services, server-side distributed components, and for checking the status of a request on the client side; a consistent and reliable messaging system using information replication over multiple servers, data dissemination mechanism using multicasting for replication purposes and an event notification system using WS-Events standards. Overall the framework focuses on reliable messaging, speedy recovery and failure protection in order to implement high availability, fault tolerance and autonomous behavior for Web service systems. A framework for deployment and subsequent autonomic management of componentbased distributed applications has been proposed by Dearle et al. [53]. In their work, they use DELADAS (DEclarative LAnguage for Describing Autonomic Systems) to define the deployment goals by specifying constraints over available resources, components mappings

28


Farhana Zulkernine

and interconnection topology. An Autonomic Deployment and Management Engine (ADME) includes a Deladas parser and a constraint solver. It is used to find a configuration that satisfies the goal, and the configuration is deployed automatically using the Cingal infrastructure [54]. Autonomic management is implemented using a Monitoring ADME that monitors the system for deviations from pre-specified goal or changes in the goal due to revised system requirements. If a deviation or change in the goal is detected, the configuration finder and deployment cycle is repeated automatically to generate a revised deployment. The proposed framework mainly addresses the self-configuration and selfhealing aspects of autonomic management. Tian et al. [60] proposed an architecture for an autonomic Web services environment that addresses the self-configuring and self-healing aspects. In their framework, each component of the environment is augmented by an autonomic manager that automatically tunes the associated component with varying workload. A higher level site manager oversees all the autonomic managers to maintain a desired QoS for the entire site hosting one or multiple Web services. The architecture is described in more detail in Chapter 5.

3.3 Industry Research on Web Service Management Hewlett-Packard Company (HP): WSMN HP Laboratories at Palo Alto has been working on Web Services Management Network (WSMN) [56] with a view to managing Web services that interact across administrative domains in a composite Web services system. The WSMN architecture is based on SLAs to formalize relationships across domains and uses a network of cooperating intermediaries (Figure 8) for federated service management. Each intermediary is implemented as a proxy sitting between a service and the outside world, and communicating with each other through a set of protocols. These protocols are also defined by the network for the intermediaries to collaborate for managing service relationships expressed through SLAs. If no SLAs are defined, implicit SLAs are introduced solely for management purposes while explicitly defined SLAs are adapted, if necessary, to make them manageable. To facilitate automated

29


Farhana Zulkernine

SLA management, an SLA specification language has also been defined by the researchers based on a managed object model for Web services. Three classes of protocols have been defined and used by WSMN [56]: life-cycle protocols are the basic protocols used for dealing with initiation and sustenance of the WSMN; measurement protocols provide the support for secure and trusted message exchange for SLA measurement specifically when indirect information exchange is necessary for a multiparty service execution; assurance protocols are higher-level protocols executing more complex interactions, related to run-time optimization and control of SLAs. The intermediary is embedded in the SOAP router which contains WSMN engines for measurement and SLA management, WSMN protocol implementations, and applications that exploit the engines and protocols.

Figure 8: Web Services Management Network (WSMN) [56] HP: Web Services Management Framework (WSMF) 2.0 After WSMN, HP proposed Web Services Management Framework (WSMF) [31], which defines a general framework for managing different types of resources including Web services. It uses common management interfaces and events with Web service technology, because of all its benefits, and the ability to expose the interface while hiding the implementation. The framework defines and uses three main concepts: WSMF-Foundation specifies the basic mechanisms for management using Web services, WS-Events introduces

30


Farhana Zulkernine

a Web services-based event subsystem, and WSMF-WSM describes management of Web services using WSMF. Each resource managed by WSMF is represented as a Managed Object and described using WSDL. Managed objects are basically Web services having interfaces for specifying attributes, operations, notifications, and inter-relations. Relations among different managed objects need to be defined in a model to manage the system as a whole. The framework is capable of providing a number of management functions including discovery of the management WSDL definitions, the relations, and event notifications of the managed objects; registration and retrieval of event notifications; monitoring, auditing, and controlling various aspects and attributes of managed objects by utilizing the supported management operations. It also addresses scalability issues by allowing multiple operations or notifications to be expressed in a single message; however, it only allows generic security measures such as use of HTTPS, SSL certificates, access control mechanisms at the API level to be implemented. WSMF was submitted to OASIS for standardization and was later published as WSDM [83].

3.4 Comparative Study based on the Management Aspects The approaches described above are compared in the following table based on the various

Type Middleware Framework

Dan et al. [27]

Sheth et al. [38]

Ref.

management aspects. QoS/SLA

Security

Recovery

Resource Provisioning

QoS of each WS is computed to determine the QoS of a composite WS system

N/A

N/A

N/A

Provides SLA based differential services, with compliance monitoring, and workload management

N/A

N/A

Includes resource provisioning unit

31

Comments

Agent-based SoM where each agent computes the QoS of associated WS. Workflow QoS is computed using the model proposed by Cardoso et al. [33] WSLA-based framework, also contains a unit to create service offering

Type

QoS provisioning for software services

N/A

N/A

Optimized resource allocation using feedback control loop

Design and implementation of ControlWare using Controltheoretical methodology

WSMN Agents used as proxies monitor process flow to check SLA compliance QoS for a given workload is maintained by automatic reconfiguration N/A

N/A

Proxy components assist in message tracking N/A

N/A

The approach proposes an Automated distributed SLA monitoring engine

N/A

Analytical performance model is used to find the best configuration for feedback controller

Security

N/A

Recovery


Comments

Reflective programming is applied in a two level architecture

N/A

RAWS is proposed for dynamic update and source code maintenance for WS

QoS is maintained through resource provisioning

N/A

N/A

Constraints on resources are analyzed to determine configuration for deployment

Both client and server side monitoring and management ensures QoS

Possible by definition of Aspect Bean

N/A

WSOI [51] is used to monitor and account for QoS specified using WSOL

N/A

Failed service is replaced using dynamic service selection and composition N/A

Autonomic managers are used to tune associated components to maintain QoS

N/A

Automatic tuning is done or failed component is restarted if necessary

N/A

Automatic deployment of distributed applications where deployment goals are given as a set of constraints on available resources WSML lies between the client and server, uses AOP to define separate Aspect Beans for each management aspect and allows criteria based dynamic service selection WSOI [51] is used to manipulate and use WSOL [50] that provides a formal specification of service offerings A hierarchy of autonomic managers work interactively to ensure QoS and SLA compliance

Middleware

Framework

Model-based

N/A

WSOL and Framework

Controller

Framework

QoS/SLA

Middleware

Farhana Zulkernine

Framework

Tian et al. [60]

Tosic et al. [50,51]

Verheecke et al. [40,44]

Dearle et al. [53]

Fuente et al. 65]

Bennani et al. [46]

Sahai et al. [32]

Abdelzaher et al. [47]

Ref.


32

N/A

Security

N/A

N/A

N/A

Predefined XML policy controls the access and selection of service replica N/A

Dynamic service selection and composition enable recovery by replacement Use of replica for quick recovery


Comments

N/A

Dynamic creation and management of service composition using semantic service discovery in METEORS

N/A

Container-based fault tolerant system for SOA

Reliable messaging and eventbased notification used for failure protection and speedy recovery Recovery is done by dynamic resource distribution

N/A

Extension of the general architecture of WS to support high availability, fault tolerance, and autonomous behavior

Resource sharing and distribution among nodes in the cluster

Dynamic reconfiguration of tunable parameters of applications and services using Active Harmony server

N/A

Framework

Ensures high availability using both client and server side monitoring

Recovery

Inner level management performs weighted request queuing and scheduling

N/A

N/A

Framework

Framework

Prototype system

Framework

Type

QoS/SLA

Farhana Zulkernine

Dynamic reconfiguration and resource provisioning are used to improve QoS

Outer level management performs server allocation

A performance management system for cluster-based Web services. Users need to subscribe prior to using the services.

N/A

Predefined access control policies are used for authorization and identity verification.

N/A

N/A

Logic-based access control framework for WS. The framework does not support composite WS.

Framework

Coetzee et al. [21]

Levy et al. [52]

Chung et al. [36]

Ken et al. [37]

Dobson et al. [59]

Aggarwal et al. [14]

Ref.


33


Farhana Zulkernine

The various approaches summarized in the above table address one or more of the management aspects but not all of them. Cardoso et al. [33] show the detailed general mathematical model to compute individual process QoS and then to combine the QoS to calculate the integrated workflow QoS. Sheth et al. [38] introduce an additional agent based middleware for computing the QoS of individual Web services and use the model proposed by Cardoso et al. to compute the process QoS of a composite service system. However, none of these approaches discuss improving the overall workflow QoS of a composite Web service system or address the other management aspects. Dan et al. [27] present a more comprehensive distributed framework of an SLA based Web service management system that contains a service offering unit, a workload management unit, and a resource provisioning unit. The workload management unit distributes the workload to provide different services to different customers based on the predefined SLA. Sahai et al. [32] propose a less comprehensive agent based WSMN that enables message tracking to monitor SLA compliance using intermediaries as proxies. This approach requires additional management of the intermediaries and definition of special protocols for the intermediaries to communicate within themselves securely. Tosic et al. propose [50,51] WSOL for formal specification of service offerings and also presents WSOI to use WSOL. The design of WSOI mainly focuses on the application and manipulation of WSOL and hence does not serve as a complete infrastructure for Web service management. The framework proposed by Levy et al. [52] applies two-level management approach in a cluster based system where the outer level does server allocation and the inner level performs queuing and scheduling of the requests. However, the clients need to subscribe to the service prior to using it, which adds an overhead for dynamic service composition. Abdelzaher et al. [47], Bennani et al. [46], Chung et al. [36], and Tian et al. [60] propose management approaches that perform parameter tuning and reconfigurations to maintain QoS. Abdelzaher et al. use control theory to design the feedback control framework augmented by elements of scheduling and queuing theory for resource provisioning. Bennani et al. implement a performance evaluation model to search for the best configuration parameters to use with the controller but the approach does not support resource provisioning. Chung et al. also apply parameter reconfiguration using the Active Harmony

34


Farhana Zulkernine

server. However, Active Harmony can only tune parameters that are registered with the server by the applications and services. In a cluster environment, it also performs resource sharing and distribution and thereby supports quick recovery. Tian et al. use a hierarchy of autonomic managers to maintain QoS in a varying workload. Each autonomic manager automatically tunes an associated component using reflecting programming. However, none of the above approaches provide access control. The recovery aspect has been addressed by Dobson et al. [59], Ken et al. [37], Aggarwal et al. [14], and Fuente et al. 65] in different ways. Dobson et al. designed a fault tolerant system that provides policy based access to different replica of Web services and thus facilitates recovery. However, it is difficult to apply rollback or other fault tolerance mechanisms in case of Web services, especially in composite systems. Ken et al. propose using the standards for reliable messaging to implement event-based notification. The approach emphasizes the importance of high availability in Web based systems and proposes both client and server side monitoring for failure detection and speedy recovery. Aggarwal et al. use the METEOR-S framework to dynamically select and compose Web services into a workflow process. In case of failure of a service, another service can be dynamically selected and replaced to allow quick recovery. A bi-level architecture is proposed by Fuente et al. [65] that implements reflective programming to enable dynamic source code update for Web services and thus facilitates deployment and recovery. Dearle et al. [53] also present an autonomic management approach that focuses on service deployment given a set of constraints on the available resources as deployment goals. Both of the approaches presented by Fuente et al. and Dearle et al. have very limited contribution with respect to the management aspects and mainly focus on the service deployment. Verheeke et al. [40,44] propose WSML middleware to implement each management aspect using separate Aspect beans in AOP. The middleware incurs additional overhead to the system but facilitates the modular implementation of various management aspects such as dynamic service selection and replacement for recovery, access control, and both client and server side management. Coetzee et al. [21] propose a policy based access control framework for single Web service based systems. However, the approach does not support composite Web service systems.

35


Farhana Zulkernine

The above analysis reveals the fact that no single approach provides a complete solution to the problems of Web service management. Further research is necessary to address the various open problems in the area that are discussed in detail in Chapter 5.

36


4

Farhana Zulkernine

Specifications and Standards for Web Services

Numerous specifications exist for Web services. This chapter outlines1 some of the management related specifications and standards for Web services. The Web service specifications are designed to be composed with each other to provide a rich set of tools for building secure, stable, and reliable Web service frameworks. These specifications are standardized by two main consortiums in order to ensure interoperability. The World Wide Web Consortium (W3C) [79] develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential and elevating general Web communication and coordination. This also contributes to Web services composition through standardization of specifications like XML [68], the semantic Web [77], XQuery [80], XPath [81], and XSLT [82]. The Organization for the Advancement of Structured Information Standards (OASIS) [78] works on standardizing various infrastructure and implementation related specifications for Web services. Some of these specifications are listed in the following table. OASIS Standard

Description

Web Service Distributed Management (WSDM) By WSDM Technical Committee (TC), V 1.0 Approved March 2005

WSDM enables management applications to be built using Web services, allowing resources to be controlled through a single interface by multiple managers [83]. It consists of two parts: Management Using Web Services (MUWS) defines how an IT resource is connected to a network and provides manageability interfaces to support local and remote control; Management of Web Services (MOWS) builds on MUWS to address management of the Web services endpoints [58] using WS protocols. SAML leverages core Web services standards like XML, SOAP, Transport Layer Security (TLS), XML signature, and XML encryption [84]. It enables the secure exchange of authentication, attribute, and authorization information between disparate security domains, making vendor-independent single sign-on secure e-business transactions possible within federated networks on the Web.

Security Assertion Markup Language (SAML) By Security Services (SS) TC, V 2.0 Approved March 2005

37


Farhana Zulkernine

OASIS Standard

Description

eXtensible Access Control Markup Language TC (XACML) By XACML TC, V 2.0 Approved Feb. 2005

XACML [85] is an XML-based language for expressing well-

WS-Security By Web Services Security (WSS) TC, V 1.0 Approved Apr. 2004 WS-Reliability By WSRM TC, V 1.1 Approved Nov. 2004

established ideas in the field of access-control policy. It provides profiles for SAML 2.0, XML Digital Signature, Privacy Policy, Hierarchical/Multiple Resources, and Role Based Access Control (RBAC). WS-Security provides an industry standard framework for secure Web services message exchanges [75]. It includes five different profiles: SAML Token, Rights Expression Language (REL) Token, SOAP Messages with Attachments (SWA), Kerberos Token, and Minimalist profiles. WS-Reliability includes WS-ReliableMessaging and provides a standard, reliable, and interoperable way to guarantee message delivery to applications or Web services.

WS-Policy, WS-PolicyAttachment, and Web Services Policy Language (WSPL) The Web services Policy Framework (WS-Policy) [86] provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of entities in an XML Web services-based system. WS-Policy defines a framework and an abstract model for the expression of these properties as policies. A policy is generally defined as a collection of policy alternatives, where each policy alternative is defined as a collection of policy assertions. Policy assertions may be an authentication scheme, a transport protocol selection scheme for information transmission, or attributes such as QoS characteristics, and privacy policy. Web Services Policy Attachment (WS-PolicyAttachment) [86] defines how policies are discovered or attached to a Web service or other entities. It describes two general-purpose mechanisms for associating policies with the subjects to which they apply. This specification also defines how these general-purpose mechanisms may be used to associate WS-Policy with WSDL and UDDI descriptions. Web Services Policy Language (WSPL) [55] proposed by Sun Microsystems extends WSDL to allow the encoding and attachment of QoS information to services in the form of reusable service policies [86]. WSPL is suitable for specifying a wide range of policies, including authorization, quality-of-service, quality-of-protection, reliable messaging, privacy,

38


Farhana Zulkernine

and application-specific service options. It supports comparing and merging of two policies, resulting in a single policy that satisfies the requirements of both, assuming such a policy exists. Thus it provides a framework for policy exchange for Web services interaction and composition. WSPL includes WS-PolicyAssertions, WS-PolicyAttachment, and WSSecurityPolicy. WSPL has evolved from WS-Policy. It is based on XACML and is under consideration to become the standard policy language for use with Web services. Other Specifications Web Services Events (WS-Events) Version 2.0 from Hewlett Packard [87] describes an XML syntax and a set of processing rules for advertising, subscribing, producing, and consuming Web services events. An Event is an abstract concept that is physically represented by a Notification. Notifications flow from Event Producer to Event Consumer using asynchronous (push) or synchronous (pull) delivery modes. Web Services for Management (WS-Management) [88] is a multi-company effort (Sun, Microsoft, Intel, AMD, and Dell) to promote interoperability between management applications and managed resources. This specification describes a general SOAP-based protocol for Web services for managing systems such as PCs, servers, devices, Web services, and other applications or manageable entities. It identifies a core set of Web service specifications such as WS-Addressing [89], WS-Eventing [71], WS-Enumeration [90], and WS-Transfer [91], and usage requirements to expose a common set of operations that are central to all systems management. WS-Addressing from W3C provides transport-neutral mechanisms to address Web services and messages. The other standards were proposed by different multi-company efforts for the implementation of WS-Management. WS-Enumeration describes a general SOAP-based protocol for enumerating a sequence of XML elements to traverse logs, message queues, or other linear information models. WS-Transfer describes a general SOAPbased protocol for accessing XML representations of Web service-based resources. WSEventing describes a protocol that allows Web services to subscribe to or accept subscriptions for event notification messages.

39


Farhana Zulkernine

Microsoft announced the final release of Web Services Enhancements (WSE) 2.0 [92] together with revised specifications for WS-Trust [72] and WS-SecureConversation [93]. Microsoft WSE leverages building security-enhanced Web services based on the latest Web services protocol specifications, including WS-Security (OASIS) [75], WS-Policy, WSSecurityPolicy [94], WS-Trust[72], WS-SecureConversation[93], and WS-Addressing[89]. IBM research groups proposed Web Service Level Agreement (WSLA) [27] version 1.0, a semantic specification language, to automate monitoring and implementation of SLAs. It is based on XML and defined as an XML schema. Primarily, an SLA defines the obligations of a service provider to perform a service according to agreed-upon guarantees for IT-level service parameters for Web services like availability, response time, and throughput. It also defines the parties involved in the contractual agreement, role of each party, and measures to be taken in case of deviation or failure to meet the obligations. Third parties like Management Service Providers (MSP) may also be involved in carrying out the monitoring and reporting tasks. In other words, the specification elaborately defines the semantics of the details required to describe an SLA, starting with the UML object model of WSLA environment to measurement units and functions for monitoring purposes. An SLA in the WSLA language contains three sections: a section describing the parties, another containing one or more service definitions, and the third one defining the parties’ obligations. There are two types of parties; the service provider and the receiver. There may be one or more services defined by an SLA which includes parameters, and metrics or values of the parameters. The values are measured either directly in units or computed as functions of other measured values. The obligation section contains a guarantee of parameter states or values at some given time, or guarantees for some action to be taken in case of certain defined situations. Service Level Objectives (SLO) are typically the obligations of the service provider to the supporting parties or the customer, who are the obliged parties.

40


5

Farhana Zulkernine

Conclusion

This chapter discusses the open problems in the area of Web service management, presents our views and approach towards Web service management, and finally draws the conclusion of the paper with a short summary.

5.1 Open Problems Although much research has been done on Web service management, there remain many unsolved problems. Most of the Web service management frameworks that have been proposed so far address single Web service-based systems or statically composed systems where the services are fixed. None of the management frameworks addresses all the management aspects such as QoS, SLA negotiation, dynamic reconfiguration, security, recovery, and resource provisioning for dynamically composed systems. There has been considerable work done in the field of QoS and SLAs for Web services but more research is needed to resolve the issues related to service dependency. Monitoring and maintenance of QoS and SLA for a composite service system is a challenging problem, especially when the QoS of the network is considered. Ranking of services based on specific service selection criteria is another problem that needs more research. Ranking is necessary to make automatic and run-time service selection. Different clients may have different priorities for the various selection criteria and the ranking service should take this prioritization into account. Ranking and service selection can also be offered as a separate Web service. Publication and verification of QoS information that may be used as service selection criteria offer other interesting open problems. Automatic service discovery and binding is gaining a lot of interest for dynamic service composition and error recovery. In case of failure of one service in a composite system, a management system can make quick recovery by replacing the faulty service with a similar service. This requires the use of well-defined semantics and specifications to enable automatic search and replacement of similar services.

41


Farhana Zulkernine

Security is currently a very important topic. Due to the nature and usage of Web media, it is vulnerable to communication failures and malicious attacks. A good management framework should protect the system from such hazards and provide fast recovery mechanisms. Standard specifications have been published for Web service security but further research is needed to provide application level security for Web services and to construct a secure management framework. Much research is on-going in the field of autonomic Web services, but none of the frameworks offer all four features of autonomic computing [60]. Moreover, the existing solutions, in most cases, do not consider composite systems. As new specifications and standards are published, existing frameworks could be updated to use these specifications to enhance management functionality. Researchers are working on various policy specifications that may be incorporated into the management frameworks to implement policy-based management. The policies defined by service users need to be translated to system usable format. Further research is required to define strategies and implementation models to perform this translation effectively for different Web services-based systems.

5.2 Our Vision, Approach, and Future Research Direction Manual system management is becoming inefficient and almost impossible for large and complex application software, particularly in the case of varying workload. Automated monitoring and controller based management applications are being developed to alleviate the responsibilities of system administrators [46]. Following this trend, IBM introduced the concept of Autonomic Computing [24], which implies automation of the four main management activities: configuration, repair, optimization, and protection. We envision autonomic computing as the most efficient approach towards management of heterogeneous complex systems like Web services. Many researchers have proposed autonomic approaches towards deployment, monitoring, configuring, and provisioning of software and hardware resources [37,52,53]. We proposed an architecture for an autonomic Web services environment [60] that supports automatic tuning and reconfiguration in order to ensure a pre-defined SLA. Each component in the system is assumed to be an autonomic 42


Farhana Zulkernine

element as shown in Figure 9 that is managed by an autonomic manager. The framework is based on a hierarchy of autonomic managers that co-ordinate with each other to provide an organized autonomic environment for Web services. As future work, we intend to implement the different autonomic elements, and incorporate self-healing and self-protection features.

Management Interface Autonomic manager Analyze

Plan

Monitor

Execute Knowledge

Managed element

Figure 9: Autonomic element The autonomic manager consists of four functional modules that perform the following tasks: periodically monitor performance data; analyze the data based on past, current, and targeted performance; plan which parameters to tune in order to achieve the performance goal; and finally execute the action plan. Control theory [46] and reflection [65] have been shown as proven techniques for designing controllers. Feedback controllers are used to design reactive systems while predictive control systems are implemented using feed-forward controllers [57]. We propose using reflection based controllers for our autonomic managers. The open problems in the area of Web service management were illustrated in Section 4.3. We would like to extend our architecture to focus on some of those problems such as QoS based service discovery and ranking, managing composite Web services, Web service security, and translation of SLA goals to system level configuration parameters.

5.3 Summary This paper provides an introduction and background on Web service management, and an overview of some of the challenging research problems in the general area of Web services and in service management. It presents the state of the art with an analysis of various

43


Farhana Zulkernine

management aspects and approaches for Web services management. Web service technology is rapidly becoming a part of our everyday life. It offers an easy and effective way to provide services and access to information over the Internet. Many popular Web sites like Amazon.com are using Web services to serve customer enquiries. The success of this interactive Web technology largely depends on customer satisfaction. An efficient and reliable management framework is indispensable to ensure round the clock availability and service quality of Web service systems. Newer and more interesting management problems will continue to arise from the growing complexity and expansion of this technology. We envision autonomic computing as the most efficient technique for managing heterogeneous complex systems and intend to carry on with our research on implementing an autonomic Web services environment.

44


Farhana Zulkernine

Glossary

ACL AOP API B2B B2C BPELWS DAML-S DARPA ebXML HTTP HTTPS MSP OASIS OWL QoS SAML SLA SLO SOA SOC SoM SOAP SSL UDDI XACML XML XPath XQuery XSL XSLT W3C WSCI WSDL WSDM WSFL WSMF WSML WSMN WSOI WSOL WSPL

Access Control List Aspect Oriented Programming Application Programming Interface Business-to-Business Business-to-Consumers Business Process Execution Language for Web Services DARPA Agent Markup language for Services Defense Advanced Research Projects Agency Electronic Business Extensible Markup Language Hyper Text Transport Protocol Secure HTTP or HTTP over Secure Sockets Layer (SSL) Management Service Provider Organization for the Advancement of Structured Information Standards Web Ontology Language Quality of Service Security Assertion Markup Language Service Level Agreement Service Level Objectives Service Oriented Architecture Service Oriented Computing Service Oriented Middleware Simple Object Access Protocol Secure Sockets Layer Universal Description, Discovery and Integration eXtensible Access Control Markup Language eXtensible Markup Language XML Path Language XML Query eXtensible Style-sheet Language XSL Transformations World Wide Web Consortium Web Services Choreography Interface Web Services Description Language Web Services Distributed Management Web Service Flow Language Web Services Management Framework Web Service Management Layer Web Services Management Network Web Service Offering Infrastructure Web Service Offering Language Web Services Policy Language

45


Farhana Zulkernine

References 1.

2.

Fabio Casati, Eric Shan, Umeshwar Dayal, Ming-Chien Shan, “Service-oriented computing: Business-oriented management of Web services“, Communications of the ACM, Vol. 46, Issue 10, October 2003. Francisco Curbera, Rania Khalaf, Nirmal Mukhi, Stefan Tai, Sanjiva Weerawarana, “Serviceoriented computing: The next step in Web services”, Communications of the ACM, Vol. 46 Issue 10, October 2003.

3.

Analysts: Ronald Schmelzer and Jason Bloomberg, “The Complete Vision of Service-Oriented Enterprise Management”, ZapThink White Paper, December 2003.

4.

Sheth A. and Miller J. A., "Web Services: Incremental Technical Advance with Huge Practical Impact” , IEEE Intelligent Systems, Trends & Controversies, (IEEEIS), January/February, 2003, Pp. 78-80.

5.

S. Wong, “Web Services: The Next Evolution of Application Integration”, White Paper.

6. 7.

Manoj Seth, “Web Services—A Fit for EAI”, White Paper, October 28, 2002. K. Hogg, P. Chilcott, M. Nolan, B. Srinivasan, “An evaluation of Web services in the design of a B2B application”, Proceedings of the 27th conference on Australasian computer science, Vol. 26, January 2004.

8.

The Impact of Web Performance on E-Retail Success, White Paper, Akamai Technologies, Feb. 1, 2004. 9. Luciano Baresi, Reiko Heckel, Sebastian Thöne, Dániel Varró, “Modeling and validation of service-oriented architectures: application vs. style”, ACM SIGSOFT Software Engineering Notes, Proceedings of the 9th European software engineering conference Vol. 28 Issue 5, September 2003. 10. Rainer Anzböck, Schahram Dustdar, Harald Gall, “Web-based tools, systems and environments: Software configuration, distribution, and deployment of Web-services”, ACM International Conference Proceeding Series, pp: 649 – 656, July 2002. 11. “Network Management Basics”, Chapter 6, Internetworking Technologies Handbook. Composition 12. Paul Lipton, “Composition and Management of Web Services”, White Paper, Feb 5, 2004. 13.

Dan Wu, Bijan Parsia, Evren Sirin, James Hendler and Dana Nau, "Automating DAML-S Web Services Composition Using SHOP2", 2nd International Semantic Web Conference, ISWC 2003, October 2003.

14.

R. Aggarwal, K. Verma, J. Miller and W. Milnor, "Constraint Driven Web Service Composition in METEOR-S." Proceedings of the IEEE SCC, 2004.

15.

Biplav Srivastava, Jana Koehler, “Web Services Composition – Current Solutions and Open Problems”, 2002.

16.

Vladimir Tosic, David Mennie, Bernard Pagurek, “Dynamic Service Composition and Its Applicability to e-Business software systems – ICARIS Experience”, 2001.

17.

ARGOS: Dynamic Composition of Web Services for Goods Movement Analysis and Planning, project at University of South Carolina.

46


Farhana Zulkernine

Liangzhao Zeng, Boualem Benatallah, Marlon Dumas, Jayant Kalagnanam, Quan Z. Sheng, “Quality driven Web services composition”, International World Wide Web Conference, 2003. Security

18.

19.

David C. Chou and Kirill Yurov, “Security Development in Web Services Environment”, Computer Standards & Interfaces, Vol. 27, Issue 3, Pp. 233-240, March 2005.

20.

H. Wang, J. Huang, Y. Qu, J. Xie, “Web services: Problems and Future Directions”, Journal of Web Semantics, Pp. 309-320, Vol. 1, April 2004.

21.

M. Coetzee and J.H.P. Eloff, “Towards Web Service access control”, Computers & Security, Vol. 23, Issue 7, Pp. 559-570, October 2004.

22.

M. Coetzee and J.H.P. Eloff, “An Access Control Framework for Web Service”, Information Management and Computer Security, Vol. 13, March 2005.

Management 23. W3C Working Group, “Web Service Management: Service Life Cycle”, Feb 11, 2004. 24.

A. G. Ganek, T. A. Corbi, “The Dawning of the Autonomic Computing Era”, IBM System Journal, V(42), N(1), 2003.

25.

J. A. Farrell, H. Kreger, Web Services Management Approaches. IBM Systems Journal, 41(2), 2002.

26.

Verma, K., Sivashanmugam, K. , Sheth, A., Patil, A., Oundhakar, S. and Miller, J. “METEOR–S WSDI: A Scalable Infrastructure of Registries for Semantic Publication and Discovery of Web Services” , Journal of Information Technology and Management (to appear, 2003).

27.

A. Dan, D. Davis, R. Kearney, A. Keller, R. King, D. Kuebler, H. Ludwig, M. Polan, M. Spreitzer, A. Youssef, “Web services on demand: WSLA-driven automated management”, IBM Systems Journal, Vol. 43, No. 1, 2004. Maksim A. Aleksandrov, Vladislav S. Voinov, “Designing and Implementing QoS Management of the Web”, IBM Centre for Advanced Studies Conference, 1998.

28. 29.

R. Venkatavaradan and Arulazi Dhesiaseelan, “Managing Web Services: A Container-Based Approach”, July 2, 2003

30.

B Liu, S Jha, P Ray, “Mapping Distributed Application SLA to Network QoS Parameters”, Proc. of ICT, Eds. P. Lorenz, P. Dini, V. Uskov, IEEE, , 2003, Pp. 1230 – 1235 (not accessible) Nicolas Catania, Pankaj Kumar, Bryan Murray, Homayoun Pourhedari, William Vambenepe, Klaus Wurster, “Overview - Web Services Management Framework”, July 16, 2003. Sahai, A., Machiraju, V., Sayal, M., Van Moorsel, A and Casati, F., “Automated SLA Monitoring for Web Services”, Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2002 Lecture Notes in Computer Science Vol. 2506 Pp. 28-41, Springer 2002. J. Cardoso, J. Miller, A. Sheth and J. Arnold, "Modeling Quality of Service for Workflows and Web Service Processes", Technical Report # 02-002 v2, LSDIS Lab, 2002.

31. 32.

33. 34. 35.

J. Cardoso, “Quality of Service and Semantic Composition of Workflows”, Ph.D. Dissertation. Department of Computer Science, University of Georgia, Athens, GA, 2002 [PPT presentation] Li-jie Jin, Vijay Machiraju, Akhil Sahai, “Analysis on Service Level Agreement of Web Services”, Software Technology Laboratory, HP Laboratories Palo Alto, HPL-2002-180, June 21st, 2002.

47


Farhana Zulkernine

36.

I-Hsin Chung and J. K. Hollingsworth, “Automated Cluster-Based Web Service Performance Tuning”, Proceedings of IEEE Conference on High Performance Distributed Computing (HPDC), June 2004.

37.

Ken Birman, Robbert van Renesse, Werner Vogels, “Adding High Availability and Autonomic Behavior to Web Services”, Proceedings of the 26th Annual International Conference on Software Engineering (ICSE 2004). May, 2004.

38.

Sheth A., J. Cardoso, J. A. Miller, K. J. Kochut and M. Kang, "QoS for Service-Oriented Middleware”, Proceedings of the 6th World Multiconference on Systemics, Cybernetics and Informatics ( SCI'02 ), Vol. 8, Orlando, Florida (July 2002) Pp. 528-534 Heiko Ludwig, “Web Services QoS: External SLAs and Internal Policies Or: How do we deliver what we promise?” Keynote Speech at the WISE Workshop on Web Services Quality, Rome, December, 2003. Verheecke B., Cibrán M.A., "Aspect-Oriented Programming for Dynamic Web Service Monitoring and Selection", Proceedings of the European Conference on Web Services 2004 (ECOWS'04), Erfurt, Germany, September 2004. Verheecke, B., Cibrán, M. A., Vanderperren, W., Suvee, D., Jonckers, V., "AOP for Dynamic Configuration and Management of Web services in Client-Applications", International Journal on Web Services Research (JWSR), Vol. 1, Issue 3, July-Sept 2004. Verheecke B., Cibrán M. A. "Dynamic Aspects for Web Service Management”, Proceedings of the Dynamic Aspect Workshop, (AOSD), Lancaster, UK, March 2004. Cibrán M.A., Verheecke B., "Modularizing Client-Side Web Service Management Aspects", Proceedings of the 2nd Nordic Conference on Web Services (NCWS), November 2003. Cibrán M.A., Verheecke B., "Modularizing Web Services Management with AOP”, Proceedings of the First European Workshop on Object-Orientation and Web Services, (ECOOP), July 2003. Cibrán, M. A., Verheecke, B., Suvee, D., Vanderperren, W. and Jonckers V., "Automatic Service Discovery and Integration using Semantic Descriptions in the Web Services Management Layer". In Proceedings of Third Nordic Conference on Web Services, Nov. 2004.

39.

40.

41.

42. 43. 44. 45.

46.

M. Bennani and D. Menascé, “Assessing the Robustness of Self-Managing Computer Systems under Highly Variable Workloads”, Proceedings of the International Conference on Autonomic Computing (ICAC), May 2004.

47.

Tarek F. Abdelzaher, John A. Stankovic, Chenyang Lu, Ronghua Zhang, and Ying Lu, “Feedback Performance Control in Software Services”, IEEE Control Systems Magazine, Vol 23, No. 3, June 2003. Kai Shen, Hong Tang, Tao Yang, Lingkun Chu, “Cluster resource management: Integrated resource management for cluster-based Internet services”, ACM SIGOPS Operating Systems Review, Vol. 36, December 2002. Sahai A, Machiraju V, Wurster K. “Monitoring and Controlling Internet based Services”, The Second IEEE Workshop on Internet Applications (WIAPP'01), San Jose, CA July, 2001 (also HPL-2000-120).

48.

49.

50.

Tosic V., Pagurek B., Patel K., Esfandiari, B., Ma, W. “Management Applications of the Web Service Offerings Language (WSOL)”. To appear in special issue of Information Systems, Elsevier, 2004.

51.

Tosic V., Ma W., Pagurek B., Esfandiari B. “Web Services Offerings Infrastructure (WSOI) - A Management Infrastructure for XML Web Services”, to be published in Proc. of NOMS

48


Farhana Zulkernine

(IEEE/IFIP Network Operations and Management Symposium) 2004, Seoul, South Korea, April 2004. [Technical report form] 52.

R. Levy, J. Nagarajarao, G. Pacifici, M. Spreitzer, A. Tantawi, and A. Youssef, “Performance Management For Cluster Based Web Services”, IBM Technical Report, May 2003.

53.

Alan Dearle, Graham Kirby and Andrew McCarthy, “A Framework for Constraint-Based Deployment and Autonomic Management of Distributed Applications”, International Conference on Autonomic Computing (ICAC 2004), Pp. 300-301, May 2004.

54.

A. Dearle, G.N.C. Kirby, A. McCarthy, and J. C. Diaz y Carballo, “A Flexible and Secure Deployment Framework for Distributed Applications”, Proc. 2nd International Working Conference on Component Deployment (CD 2004), pp 219-233. Springer, ISBN 3-540-220593. 2004.

55.

Anne H. Anderson, “An Introduction to the Web Services Policy Language (WSPL)”, Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'04), p. 189, June, 2004. Vijay Machiraju, Akhil Sahai, Aad van Moorsel, “Web Services Management Network: An Overlay Network for Federated Service Management”, August 21st, 2002. Y. Zhang, A. Liu and W. Qu, “Software Architecture Design of An Autonomic System”, Fifth Australasian Workshop on Software and System Architectures (ASWEC’04), 2004. H. Kreger, Mark Potts, Igor Sedukhin, Hao He, Zulah Eckert, Yin-Leng Husband, “Web Services Endpoint Management Architecture Requirements Draft”, Feb 28, 2003.

56. 57. 58. 59.

G. Dobson, S. Hall, I. Sommerville, “A Container-Based Approach to Fault Tolerance in Service-Oriented Architectures”, International Conference of Software Engineering (ICSE), 2005.

60.

W. Tian, J. Zebedee, F. Zulkernine, W. Powley, and P. Martin, “Architecture for an Autonomic Web Services Environment”. In proceedings of 7th International Conference on Enterprise Information Systems (ICEIS’05), 2005.

Semantic Web 61.

Sivashanmugam, K. , Verma, K., Sheth, A., Miller, J., “Adding Semantics to Web Services Standards” , Proceedings of the 1st International Conference on Web Services (ICWS'03), Las Vegas, Nevada, June 2003, Pp. 395 - 401.

62.

Ruoyan, Z., Arpinar, B., Aleman-Meza, B., “Automatic Composition of Semantic Web Services”, 2003 International Conference on Web Services (ICWS'03), June 2003.

63.

Patil, A., Oundhakar, S., Sheth, A., and Verma, K. (2004). "MWSAF - METEOR-S Web Service Annotation Framework”. Proceedings of the 13th conference on World Wide Web, July 2004. Wooyoung Kim, Alan H. Karp, “Customizable description and dynamic discovery for Web services”, Proceedings of the 5th ACM conference on Electronic commerce, May 2004.

64.

Miscellaneous 65.

J. Fuente, S. Alonso, O. Martínez, L aguilar, “RAWS: Reflective Engineering for Web Services”, IEEE International Conference on Web Services (ICWS), June, 2004.

66.

Sahai, V. Machiraju, J. Ouyang, and K. Wurster, “Message Tracking in SOAP-based Web Services”, Technical reports by HP Labs researchers, 2001. Standards 67.

“OASIS UDDI Technical Committee Specification”, v3.0.2, Feb. 2005.

49


Farhana Zulkernine

68.

W3C, eXtensible Markup Language (XML) http://www.w3.org/XML/.

69.

W3C, “SOAP Version 1.2 Part 1: Messaging Framework”, June 2004.

70.

“W3C Web Services Description Language (WSDL) Version 2.0 (Working Draft)”, Dec. 2004.

71.

“Web Services Eventing (WS-Eventing)”, August 2004.

72.

“Web Services Trust Language (WS-Trust)”, Feb 2005.

73.

Business Process Execution Language for Web Services (BPELWS) version 1.1.

74.

W3C, Web Service Choreography Interface (WSCI), v1.0.

75.

“Specification: Web Service Security (WS-Security)”, v1.0 April 2005.

76.

J2EE, Java Servlet Technology (http://java.sun.com/products/servlet/).

77.

W3C, Web Ontology Language for Services (OWL-S) Release 1.0.

78.

“Organization for the Advancement of Structured Information Standards” (OASIS).

79.

World Wide Web Consortium (W3C).

80.

W3C, XQuery 1.0: An XML Query Language.

81.

W3C, XML Path Language (XPath) 2.0, working draft, April 2005.

82.

W3C, XSL Transformations (XSLT) Version 2.0, working draft, April 2005.

83. 84. 85.

“Web Services Distributed Management (WSDM)”, v1.0, March 2005. OASIS Security Services (SAML) TC. OASIS eXtensible Access Control Markup Language (XACML) TC.

86.

“Web Services Policy Framework (WS-Policy) and Web Services Policy Attachment (WSPolicyAttachment)”, v1.1, Sep 2004.

87.

“Web Services Events (WS-Events)”, v2.0, July 2003.

88.

“Web Services for Management (WS-Management)”, Feb. 2005.

89.

“Web Services Addressing (WS-Addressing)”, W3C, August 2004.

90.

“Web Service Enumeration (WS-Enumeration)”, Sep. 2004.

91.

“Web Service Transfer (WS-Transfer)”, Sep. 2004.

92. 93. 94.

“Web Service Enhancement (WSE 2.0)”, MSDN Magazine, March 2005. “Web Services Secure Conversation Language (WS-SecureConversation)”, v1.1, May 2004. “Web Services Security Policy Language (WS-SecurityPolicy)”, v1.0, Dec. 2002.

95.

Component Object Request Broker Architecture (CORBA).

96.

“ebXML Technical Architecture Specification” v1.0.4, 2001.

50


Farhana Zulkernine

Major Corrections in Version 2.0 Chapter 1: There are several changes because of the relocation of sections from Chapter 4 to Chapter 3 and 5. Please read this if possible. Chapter 2: Small corrections in 2.1 main paragraph. 2.1.3: Starting paragraph was moved to the end. 2.2: Title was modified 2.3: A new paragraph was added in the beginning about network and systems management. Chapter 3: 3.2.3: Our work has been referred and the characteristics of autonomic computing have been restructured as bullets. 3.3: This is a new section about industry research that has been added from Chapter 4. 3.4: The tables have been rewritten as advised. Please check the text in the tables. They are not written as complete sentences to reduce space requirement. A descriptive analysis follows the table. Chapter 4: Title has been changed. Section 4.2 was partly moved (except the standards part) to Chapter 3. 4.3: Moved to Chapter 5. Chapter 5: Restructured because of addition of new sections from Chapter 4. Old content was splitted between Section 5.2 and 5.3. Please skim through it

if possible.

51