WS-GUARD: enhancing UDDI Registries with on-line testing capabilities

Abstract This thesis investigates the Service Oriented Architecture and in particular the runtime discovery of Web services through the development of an empowered UDDI registry called WS-GUARD (Guaranteeing Uddi Audition at Registration and Discovery). We start by presenting the Audition framework, a specially conceived framework that applies the idea of testing during the Web service registration in the UDDI registry and then we study the practical implications of its implementation focusing on the most advanced Web service technologies. This thesis aims at modifying and extending the registration protocol of Web services into UDDI registries in order to introduce a testing phase before actual service publishing: only those services that pass the audition are admitted in the registry and become publicly available at runtime. A complete prototype implementation of WS-GUARD is described and analysed. Riassunto analitico La tesi ha investigato l'ambito Service Oriented Architecture e in particolare il run-time discovery di Web service attraverso la realizzazione di un registro UDDI potenziato, denominato WS-GUARD (Guaranteeing Uddi Audition at Registration and Discovery). Principale obiettivo del lavoro è stato la modifica dei protocolli di registrazione del registro UDDI. Tale modifica è stata rivolta all'introduzione di una fase di testing preventiva alla tradizionale fase di registrazione. Ammettendo alla registrazione soltanto quei servizi che superino la fase di verifica si intende fornire maggiori garanzie sulla qualità dei servizi che saranno resi dinamicamente reperibili (discovered) a tempo di esecuzione. La tesi discute le modifiche proposte e ne fornisce un'implementazione reale

The Development of a graduate course on identity management for the Department of Networking, Security, and Systems Administration

Digital identities are being utilized more than ever as a means to authenticate computer users in order to control access to systems, web services, and networks. To maintain these digital identities, administrators turn to Identity Management solutions to offer protection for users, business partners, and networks. This paper proposes an analysis of Identity Management to be accomplished in the form of a graduate level course of study for a ten-week period for the Networking, Security, and Systems Administration department at Rochester Institute of Technology. This course will be designed for this department because of its emphasis on securing, protecting, and managing the identities of users within and across networks. Much of the security-related courses offered by the department focus primarily on security within enterprises. Therefore, Identity Management, a topic that is becoming more popular within enterprises each day, would compliment these courses. Students that enroll in this course will be more equipped to satisfy the needs of modern enterprises when they graduate because they will have a better understanding of how to address security issues that involve managing user identities across networks, systems, and enterprises. This course will focus on several aspects of Identity Management and its use in enterprises today. Covered during the course will be the frameworks of Identity Management, for instance, Liberty Identity Federation Framework and OASIS SAML 2.0; the Identity Management models; and some of the major Identity Management solutions that are in use today such as Liberty Alliance, Microsoft Passport, and Shibboleth. This course will also provide the opportunity to gain hands on experience by facilitating exemplar technologies used in laboratory investigations

Control Synchronous Web-Based Training Using Web Services

With the rapidly advancing technologies, training has been vital to keep companies competitive. Web-based training grows rapidly and attracts more attention for its most flexible manner. Virtual classroom is a form of synchronous web-based training. It provides real-time interactivity in learning process. I have developed a virtual classroom that uses Web services to control the audio/video transmission, chat box, whiteboard, and synchronous HTML presentation. Compared to an early implementation of the virtual classroom based on the Jini network, my Web-service based implementation has a significantly different control structure. My implementation has better interoperability

Analysis of Web Services on J2EE Application Servers

The Internet became a standard way of exchanging business data between B2B and B2C applications and with this came the need for providing various services on the web instead of just static text and images. Web services are a new type of services offered via the web that aid in the creation of globally distributed applications. Web services are enhanced e-business applications that are easier to advertise and easier to discover on the Internet because of their flexibility and uniformity. In a real life scenario it is highly difficult to decide which J2EE application server to go for when deploying a enterprise web service. This thesis analyzes the various ways by which web services can be developed & deployed. Underlying protocols and crucial issues like EAI (enterprise application integration), asynchronous messaging, Registry tModel architecture etc have been considered in this research. This paper presents a report by analyzing what various J2EE application servers provide by doing a case study and by developing applications to test functionality

Security and privacy for web databases and services

Abstract. A semantic web can be thought of as a web that is highly intelligent and sophisticated and one needs little or no human intervention to carry out tasks such as scheduling appointments, coordinating activities, searching for complex documents as well as integrating disparate databases and information systems. While much progress has been made toward developing such an intelligent web, there is still a lot to be done. For example, there is little work on security and privacy for the semantic web. However, before we examine security for the semantic web we need to ensure that its key components, such as web databases and services, are secure. This paper will mainly focus on security and privacy issues for web databases and services. Finally, some directions toward developing a secure semantic web will be provided

Participation in the Environmental Information Exchange Network Using the National Emission Inventory Dataflow

The US Environmental Protection Agency (EPA) and state environmental agencies have implemented a large nationwide system termed the Environmental Information Exchange Network, intended to consolidate and standardize the mechanism in which environmental data is exchanged between states, EPA, and other environmental organizations. The Exchange Network infrastructure is based on XML, Web services, and the Internet. The State of Alaska Department of Environmental Conservation (DEC) has an interest in participating in the Exchange Network. This project involves creation of software to extract, transform, validate, and submit DEC\u27s air emissions data to EPA through the Exchange Network. Development of this software also represents a case study of the viability, benefits, and problems when transitioning an existing data exchange to a Service Oriented Architecture (SOA)

Migrating Integration from SOAP to REST : Can the Advantages of Migration Justify the Project?

This thesis investigates the functional and conceptual differences between SOAP-based and RESTful web services and their implications in the context of a real-world migration project. The primary research questions addressed are: • What are the key functional and conceptual differences between SOAP-based and RESTful web services? • How can SOAP-based and RESTful service clients be implemented into a general client? • Can developing a client to work with REST and SOAP be justified based on differences in performance and maintainability? The thesis begins with a literature review of the core principles and features of SOAP and REST, highlighting their strengths, weaknesses, and suitability for different use cases. A detailed comparison table is provided to summarize the key differences between the two web services. The thesis presents a case study of a migration project from Lemonsoft's web team, which involved adapting an existing integration to support SOAP-based and RESTful services. The project utilized design patterns and a general client implementation to achieve a unified solution compatible with both protocols. In terms of performance, the evaluation showed that the general client led to faster execution times and reduced memory usage, enhancing the overall system efficiency. Additionally, improvements in maintainability were achieved by simplifying the codebase, using design patterns and object factories, adopting an interface-driven design, and promoting collaborative code reviews. These enhancements have not only resulted in a better user experience but also minimized future resource demands and maintenance costs. In conclusion, this thesis provides valuable insights into the functional and conceptual differences between SOAP-based and RESTful web services, the challenges and best practices for implementing a general client, and the justification for resource usage in such a solution based on performance and maintainability improvements