An architecture for certification-aware service discovery

Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation - such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment - are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. To close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domain specific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics

Formal certification and compliance for run-time service environments

With the increased awareness of security and safety of services in on-demand distributed service provisioning (such as the recent adoption of Cloud infrastructures), certification and compliance checking of services is becoming a key element for service engineering. Existing certification techniques tend to support mainly design-time checking of service properties and tend not to support the run-time monitoring and progressive certification in the service execution environment. In this paper we discuss an approach which provides both design-time and runtime behavioural compliance checking for a services architecture, through enabling a progressive event-driven model-checking technique. Providing an integrated approach to certification and compliance is a challenge however using analysis and monitoring techniques we present such an approach for on-going compliance checking

An Integrated Semantic Web Service Discovery and Composition Framework

In this paper we present a theoretical analysis of graph-based service composition in terms of its dependency with service discovery. Driven by this analysis we define a composition framework by means of integration with fine-grained I/O service discovery that enables the generation of a graph-based composition which contains the set of services that are semantically relevant for an input-output request. The proposed framework also includes an optimal composition search algorithm to extract the best composition from the graph minimising the length and the number of services, and different graph optimisations to improve the scalability of the system. A practical implementation used for the empirical analysis is also provided. This analysis proves the scalability and flexibility of our proposal and provides insights on how integrated composition systems can be designed in order to achieve good performance in real scenarios for the Web.Comment: Accepted to appear in IEEE Transactions on Services Computing 201

Taming the cloud: Safety, certification and compliance for software services - Keynote at the Workshop on Engineering Service-Oriented Applications (WESOA) 2011

The maturity of IT processes, such as software development, can be and is often certified. Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, with an increasing adoption of the Service-Oriented Architecture (SOA) design pattern and the deployment of Software-as-a-Service (SaaS) on Cloud infrastructures. In this talk we discuss some issues surrounding engineering Software Services for Cloud infrastructures and highlight the need for enhanced control, service-level agreement and compliance mechanisms for Software Services. Cloud Infrastructures and Service Mash-ups

NLSC: Unrestricted Natural Language-based Service Composition through Sentence Embeddings

Current approaches for service composition (assemblies of atomic services) require developers to use: (a) domain-specific semantics to formalize services that restrict the vocabulary for their descriptions, and (b) translation mechanisms for service retrieval to convert unstructured user requests to strongly-typed semantic representations. In our work, we argue that effort to developing service descriptions, request translations, and matching mechanisms could be reduced using unrestricted natural language; allowing both: (1) end-users to intuitively express their needs using natural language, and (2) service developers to develop services without relying on syntactic/semantic description languages. Although there are some natural language-based service composition approaches, they restrict service retrieval to syntactic/semantic matching. With recent developments in Machine learning and Natural Language Processing, we motivate the use of Sentence Embeddings by leveraging richer semantic representations of sentences for service description, matching and retrieval. Experimental results show that service composition development effort may be reduced by more than 44\% while keeping a high precision/recall when matching high-level user requests with low-level service method invocations.Comment: This paper will appear on SCC'19 (IEEE International Conference on Services Computing) on July 1

Supporting Dynamic Service Composition at Runtime based on End-user Requirements

Network-based software application services are receiving a lot of attention in recent years, as observed in developments as Internet of Services, Software as a Service and Cloud Computing. A service-oriented computing ecosystem is being created where the end-user is having an increasingly more active role in the service creation process. However, supporting end-users in the creation process, at runtime, is a difficult undertaking. Users have different requirements and preferences towards application services, use services in different situations and expect highly abstract mechanisms in the creation process. Furthermore, there are different types of end-users: some can deliver more detailed requirements or can be provided with more advanced request interface, while others can not. To tackle these issues and provide end-users with personalised service delivery, we claim that runtime automated service composition mechanisms are required. In this paper we present the DynamiCoS framework, which aims at supporting the different phases required to provide end-users with automatic service discovery, selection and composition process. In this paper we also present the developed prototype and its evaluation

Issues about the Adoption of Formal Methods for Dependable Composition of Web Services

Web Services provide interoperable mechanisms for describing, locating and invoking services over the Internet; composition further enables to build complex services out of simpler ones for complex B2B applications. While current studies on these topics are mostly focused - from the technical viewpoint - on standards and protocols, this paper investigates the adoption of formal methods, especially for composition. We logically classify and analyze three different (but interconnected) kinds of important issues towards this goal, namely foundations, verification and extensions. The aim of this work is to individuate the proper questions on the adoption of formal methods for dependable composition of Web Services, not necessarily to find the optimal answers. Nevertheless, we still try to propose some tentative answers based on our proposal for a composition calculus, which we hope can animate a proper discussion