The lifecycle of provenance metadata and its associated challenges and opportunities

This chapter outlines some of the challenges and opportunities associated with adopting provenance principles and standards in a variety of disciplines, including data publication and reuse, and information sciences

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Before-Commit Client State Management Services for AJAX Applications

Heavily script-based browser applications change the manner in which users interact with Web browsers. Instead of downloading a succession of HTML pages, users download a single application and use that application for a long period of time. The application is not a set of HTML pages, but rather a single page that can possible modify its own presentation based on data exchanged with a server. In such an environment, it is necessary to provide some means for the client to manage its own state. We describe the initial results of our work in providing client-side state management services for these script-based applications. We focus on browser-based services that can help the user before any data is committed on the server. Our services include state checkpointing, property binding, operation logging, operational replay, ATOM/RSS data updates, and application-controlled persistence

Collaborative management of web ontology data with flexible access control

The creation and management of ontology data on web sites (e.g. instance data that is used to annotate web pages) is important technical support for the growth of the semantic web. This study identifies some key issues for web ontology data management and describes an ontology data management system, called robinet, to perform the management. This paper presents the structure of the system and introduces a Web ontology data management model that enables a flexible access control mechanism. This model adds rules into the robinet system to utilize the semantics of ontology for controlling the access to ontology data. The implementation of the rule-based access control mechanism and related testing are also discussed. © 2009 Elsevier Ltd. All rights reserved

Block-scoped access restriction technique for HTML content in web browsers

Web sites, web browsers, web site authors, web component authors, and end users interact in a complicated environment with many recognized and unrecognized trust relationships. The web browser is the arena in which many important trust relationships interact, thus it bears a considerable burden in protecting the interests and security of web end users as well as web site authors. Existing proposals, draft standards, implemented features, and web application techniques go a long way towards allowing rich and compelling content interactions, but they do not provide for rich, mutually-distrusting content to be safely embedded in a single page. This proposal suggests a declarative policy mechanism that permits untrusted content to be safely embedded in a web site while still retaining some richness. It also suggests a policy integration approach to allow multiple cooperative (but not necessarily trusting) parties to provide components of a policy that combine together in a safe manner. It incorporates techniques including fine-grained and coarse-grained permission dropping and white-listing protections for retained capabilities. Finally, the proposed concepts are applied to a number of real-world CVE vulnerabilities, and it is explained how the proposal does or does not prevent or mitigate the attack. The solution is shown to be effective against cross-style-scripting style attacks, and to not be effective at preventing incoming cross-site request forgery attacks

Towards an aspect weaving BPEL engine

This position paper proposes the use of dynamic aspects and the visitor design pattern to obtain a highly configurable and extensible BPEL engine. Using these two techniques, the core of this infrastructural software can be customised to meet new requirements and add features such as debugging, execution monitoring, or changing to another Web Service selection policy. Additionally, it can easily be extended to cope with customer-specific BPEL extensions. We propose the use of dynamic aspects not only on the engine itself but also on the workflow in order to tackle the problems of Web Service hot deployment and hot fixes to long running processes. In this way, composing aWeb Service "on-the-fly" means weaving its choreography interface into the workflow

The Family of MapReduce and Large Scale Data Processing Systems

In the last two decades, the continuous increase of computational power has produced an overwhelming flow of data which has called for a paradigm shift in the computing architecture and large scale data processing mechanisms. MapReduce is a simple and powerful programming model that enables easy development of scalable parallel applications to process vast amounts of data on large clusters of commodity machines. It isolates the application from the details of running a distributed program such as issues on data distribution, scheduling and fault tolerance. However, the original implementation of the MapReduce framework had some limitations that have been tackled by many research efforts in several followup works after its introduction. This article provides a comprehensive survey for a family of approaches and mechanisms of large scale data processing mechanisms that have been implemented based on the original idea of the MapReduce framework and are currently gaining a lot of momentum in both research and industrial communities. We also cover a set of introduced systems that have been implemented to provide declarative programming interfaces on top of the MapReduce framework. In addition, we review several large scale data processing systems that resemble some of the ideas of the MapReduce framework for different purposes and application scenarios. Finally, we discuss some of the future research directions for implementing the next generation of MapReduce-like solutions.Comment: arXiv admin note: text overlap with arXiv:1105.4252 by other author