Semantic Web Technologies in Support of Service Oriented Architecture Governance

As Service Oriented Architecture (SOA) deployments gradually mature they also grow in size and complexity. The number of service providers, services, and service consumers increases, and so do the dependencies among these entities and the various artefacts that describe how services operate, or how they are meant to operate under specific conditions. Appropriate governance over the various phases and activities associated with the service lifecycle is therefore indispensable in order to prevent a SOA deployment from dissolving into an unmanageable infrastructure. The employment of Semantic Web technologies for describing and reasoning about service properties and governance requirements has the potential to greatly enhance the effectiveness and efficiency of SOA Governance solutions by increasing the levels of automation in a wide-range of tasks relating to service lifecycle management. The goal of the proposed research work is to investigate the application of Semantic Web technologies in the context of service lifecycle management, and propose a concrete theoretical and technological approach for supporting SOA Governance through the realisation of semantically-enhanced registry and repository solutions

Advanced service monitoring configurations with SLA decomposition and selection

Service Level Agreements (SLAs) for Software Services aim to clearly identify the service level commitments established between service requesters and providers. The commitments that are agreed however can be expressed in complex notations through a combination of expressions that need to evaluated and monitored efficiently. The dynamic allocation of the responsibility for monitoring SLAs (and often different parts within them) to different monitoring components is necessary as both SLAs and the components available for monitoring them may change dynamically during the operation of a service based system. In this paper we discuss an approach to supporting this dynamic configuration, and in particular, how SLAs expressed in higher-level notations can be efficiently decomposed and appropriate monitoring components dynamically allocated for each part of the agreements. The approach is illustrated with mechanical support in the form of a configuration service which can be incorporated into SLA-based service monitoring infrastructures

Towards a Consistent Service Lifecycle Model in Service Governance

Introducing an SOA in a company brings new challenges for the existing management. Small loosely coupled services allow the Enterprise Architecture to flexibly adapt to existing business processes that themselves depend on changing market environments. SOA, however, introduces a new implicit system complexity. Service Governance approaches address this issue by introducing management processes and techniques, and best practices to cope with the new heterogeneity. Service lifecycle management is one aspect. Existing definitions of service lifecycles vary greatly.. In this paper, we compare existing service lifecycle approaches concerning defined phases and process. In particular, we challenge the purpose of the distinctions made between design time, runtime, and change time. Concluding, we propose a consolidated service lifecycle model for usage in Service Governance

Tisa: Toward Trustworthy Services in a Service-Oriented Architecture

Verifying whether a service implementation is conforming to its service-level agreements is important to inspire confidence in services in a service-oriented architecture (SoA). Functional agreements can be checked by observing the published interface of the service, but other agreements that are more non-functional in nature, are often verified by deploying a monitor that observes the execution of the service implementation. A problem is that such a monitor must execute in an untrusted environment. Thus, integrity of the results reported by such a monitor crucially depends on its integrity. We contribute an extension of the traditional SoA, based on hardware-based root of trust, that allows clients, brokers and providers to negotiate and validate the integrity of a requirements monitor executing in an untrusted environment. We make two basic claims: first, that it is feasible to realize our approach using existing hardware and software solutions, and second, that integrity verification can be done at a relatively small overhead. To evaluate feasibility, we have realized our approach using current software and hardware solutions. To measure overhead, we have conducted a case study using a collection of Web service implementations available with Apache Axis implementation

The Impact of Service Oriented Architecture (SOA) on IT Auditing

Executive Summary This study investigates the impact that SOA has on IT Auditing. Service-oriented architecture emerged as new technology in literature since 1996 and it has been a hype in the Netherlands between 2006 and 2007. The development of new technologies is faster than the developments in IT auditing profession. IT auditors have stated in interviews that they are aware of the impact that SOA has on their profession and that SOA will need another audit approach, because the environment is different than the traditional IT environments on which audit programs are based on. Auditing SOA is a complex process, but by approaching it from the business processes and stages in the Software Development Life Cycle process, the auditor can gain more insights to audit this complex environment

Interaction-Driven Self-adaptation of Service Ensembles

Abstract. The emergence of large-scale online collaboration requires current information systems to be apprehended as service ensembles comprising human and software service entities. The software services in such systems cannot adapt to user needs based on autonomous principles alone. Instead system requirements need to reflect global interaction characteristics that arise from the overall collaborative effort. Interaction monitoring and analysis, therefore, must become a central aspect of system self-adaptation. We propose to dynamically evaluate and update system requirements based on interaction characteristics. Subsequent reconfiguration and replacement of services enables the ensemble to mature in parallel with the evolution of its user community. We evaluate our approach in a case study focusing on adaptive storage services.

The relationship among development skills, design quality, and centrality in open source projects

The paradigm of the Internet of Services envisions trade on a global service-enabled internet. Companies, which participate in this new world of services, face the challenges of changing market conditions, new competitive threats, and new legal regulations. Service-oriented Architectures (SOA) provide a promising way to address some of these challenges at the level of the company’s IT infrastructure. In order to guideline an enterprise’s organization and IT and ensure smooth operations, governance frameworks have been established. More specifically, IT Governance and recently SOA Governance have been introduced. The basic structure of IT Governance frameworks is applicable to an SOA. However, they lack functionality or applicability concerning SOA-specific challenges. Current approaches, which focus on mere SOA Governance, lack framework scope and are mostly driven by individual companies. This issue aggravates taking into account the shift to an Internet of Services. We identify key issues and provide initial insights on building blocks for a Service Governance Framework which enables operations for companies in a moderated service network. We discuss service life cycle phases, stakeholder roles, and management processes taking into consideration existing frameworks such as ITIL and CObIT as well as industry-specific approaches from companies such as SAP, Oracle, and HP

Bootstrapping trust in service oriented architecture

Services in a service-oriented architecture are designed to meet desired functional and non-functional requirements. Conformance of a service implementation to its functional requirements can be tested by observing the interface of the service but it is hard to enforce non-functional requirements such as data privacy and safety properties by monitoring the interface alone. Instead the implementation of the service need to be monitored for its conformance to the non-functional properties. A requirement\u27s monitor can be deployed to check this conformance. A key problem is that such monitor must execute in an untrustworthy environment (at the service provider\u27s location).;We argue that the integrity of the reported results of such a monitor crucially depends on the integrity of the monitor itself. Previous research results on trustworthy computing has shown that static properties, such as the checksum, of a remote program can be verified using a hardware-based mechanism called trusted platform module.;This thesis makes two contributions. First, we extend the traditional notion of a service-oriented architecture to accommodate the requirements for trust. Second, we propose a dynamic attestation mechanism that serves to support our extensions. To evaluate our approach, we have conducted a case study using a commercial requirements monitor and a collection of web service implementations available with Apache Axis implementation. Our case study demonstrates the feasibility of verifying the conformance of a web service executing in an untrusted environment with respect to a class of non-functional requirements using our approach. Lack of data privacy during online transactions is a major cause of concern among e-commerce users. By providing a technique to monitor such properties in a decoupled environment our work promises to address the issue of guaranteeing the privacy of confidential client data on the provider\u27s side in a Service Oriented Architecture