14 research outputs found

    Web service search: who, when, what, and how

    Web service search is an important problem in service oriented architecture that has attracted widespread attention from academia as well as industry. Web service searching can be performed by various stakeholders, in different situations, using different forms of queries. All those combinations result in radically different ways of implementation. Using a real world web service composition example, this paper describes when, what, and how to search web services from service assemblers’ point of view, where the semantics of web services are not explicitly described. This example outlines the approach to implement a web service broker that can recommend useful services to service assemblers.

    Orchestration under Security Constraints

    Automatic composition of web services is a challenging task. Many works have considered simplified automata models that abstract away from the structure of messages exchanged by the services. For the domain of secured services (using e.g. digital signing or timestamping) we propose a novel approach to automated composition of services based on their security policies. Given a community of services and a goal service, we reduce the problem of composing the goal from services in the community to a security problem where an intruder should intercept and redirect messages from the service community and a client service till reaching a satisfying state. We have implemented the algorithm in AVANTSSAR Platform and applied the tool to several case studies.

    A Novel Approach to Generate the Property for Web Service Verification from Threat-Driven Model


    Extending substitutability in composite services by allowing asynchronous communication

    Web services are programs that are self-contained, self-describing, interoperable, platform-independent, and accessible over a network. These properties allow several Web services to be combined together to form a Web service composition. However, when a component service within a Web service composition becomes unavailable or unusable, it is necessary to identify a substitute service that can replace the failed component while preserving the original functionality of the composition. This is the problem of Web service substitution. Most existing work that addresses this problem requires strict functional equivalence between the original component and its substitute. In contrast, Pathak et al. have shown in 2007 that it is sufficient for a substitute service to provide the same functionality with respect to the rest of the composition as the component it is replacing. Pathak et al. apply a technique called quotienting to determine the portion of the composition's overall functionality that is satisfied by the original component. The quotienting operation yields the property that must be satisfied by a substitute for that component. While the use of quotienting allows more possible substitute services to be accepted, it is possible to relax the substitutability condition even further by considering asynchronous communication between component services within the Web service composition model. Our work accomplishes this task by providing a formal framework for representing asynchronous communication within a Web service composition. In our framework, the asynchronous communication is encapsulated in a buffer process, which stores each message until a component is ready to consume it. We prove the correctness of our solution, describe our implementation, and discuss some directions for future research.

    Analysis and Applications of Timed Service Protocols

    Web services are increasingly gaining acceptance as a framework for facilitating application-to-application interactions within and across enterprises. It is commonly accepted that a service description should include not only the interface, but also the business protocol supported by the service. The present work focuses on the formalization of an important category of protocols that includes time-related constraints (called timed protocols), and the impact of time on compatibility and replaceability analysis. We formalized the following timing constraints: C-Invoke constraints define time windows within which a service operation can be invoked while M-Invoke constraints define expiration deadlines. We extended techniques for compatibility and replaceability analysis between timed protocols by using a semantic-preserving mapping between timed protocols and timed automata, leading to the identification of a novel class of timed automata, called protocol timed automata (PTA). PTA exhibit a particular kind of silent transition that strictly increases the expressiveness of the model, yet they are closed under complementation, making every type of compatibility or replaceability analysis decidable. Finally, we implemented our approach in the context of a larger project called ServiceMosaic, a model-driven framework for Web service life-cycle management.

    A formal verification approach of conversations in composite Web services

    Web service composition is nowadays a very focused-on topic of research by academic and industrial research groups. This thesis discusses the design and verification of behaviors of composite web services. To model composite web services, two behaviors are proposed, namely control and operational. The operational behavior shows the business logic of the process functionality for a composite web service. The control behavior shows the constraints that the operational behavior should satisfy and specifies the states that this behavior should be in. The idea behind this separation is to promote the design, verification and reusability of web services in composite settings. To guarantee their compatibility, these two behaviors communicate and synchronize through conversation messages. State charts are used to model composite web services and symbolic model checking with the NuSMV model checker is used to verify their conversations. The properties to be verified are expressed in two logics: Linear Temporal Logic (LTL) and Computation Tree Logic (CTL). A Java-based translation procedure from the design model to the SMV program used by NuSMV has been developed and tested in two case studies.

    Model checking GSM-based multi-agent systems

    Business artifacts are a growing topic in service oriented computing. Artifact systems include both data and process descriptions at interface level thereby providing more sophisticated and powerful service inter-operation capabilities. The Guard-Stage-Milestone (GSM) language provides a novel framework for specifying artifact systems that features declarative descriptions of the intended behaviour without requiring an explicit specification of the control flow. While much of the research is focused on the design, deployment and maintenance of GSM programs, the verification of this formalism has received less attention. This thesis aims to contribute to the topic. We put forward a holistic methodology for the practical verification of GSM-based multi-agent systems via model checking. The formal verification faces several challenges: the declarative nature of GSM programs; the mechanisms for data hiding and access control; and the infinite state spaces inherent in the underlying data. We address them in stages. First, we develop a symbolic representation of GSM programs, which makes them amenable to model checking. We then extend GSM to multi-agent systems and map it into a variant of artifact-centric multi-agent systems (AC-MAS), a paradigm based on interpreted systems. This allows us to reason about the knowledge the agents have about the artifact system. Lastly, we investigate predicate abstraction as a key technique to overcome the difficulty of verifying infinite state spaces. We present a technique that lifts 3-valued abstraction to epistemic logic and makes GSM programs amenable to model checking against specifications written in a quantified version of temporal-epistemic logic. The theory serves as a basis for developing a symbolic model checker that implements SMT-based, 3-valued abstraction for GSM-based multi-agent systems. The feasibility of the implementation is demonstrated by verifying GSM programs for concrete applications from the service community.

    Coordination fiable de services de données à base de politiques actives

    We propose an approach for adding non-functional properties (exception handling, atomicity, security, persistence) to services' coordinations. The approach is based on an Active Policy Model (AP Model) for representing services' coordinations with non-functional properties as a collection of types. In our model, a services' coordination is represented as a workflow composed of an ordered set of activities, each activity in charge of implementing a call to a service's operation. We use the type Activity for representing a workflow and its components (i.e., the workflow's activities and the order among them). A non-functional property is represented as one or several Active Policy types, each policy composed of a set of event-condition-action rules in charge of implementing an aspect of the property. Instances of active policy and activity types are considered in the model as entities that can be executed. We use the Execution Unit type for representing them as entities that go through a series of states at runtime. When an active policy is associated to one or several execution units, its rules verify whether each unit respects the implemented non-functional property by evaluating their conditions over their execution unit state, and when the property is not verified, the rules execute their actions for enforcing the property at runtime. We also proposed a proof of concept Active Policy Execution Engine for executing an active policy oriented workflow modelled using our AP Model. The engine implements an execution model that determines how AP, Rule and Activity instances interact among each other for adding non-functional properties (NFPs) to a workflow at execution time. We validated the AP Model and the Active Policy Execution Engine by defining active policy types for addressing exception handling, atomicity, state management, persistency and authentication properties.
    These active policy types were used for implementing reliable service oriented applications, and mashups for integrating data from services.

    FORMAL ANALYSIS OF WEB SERVICE COMPOSITION

    Ph.D, DOCTOR OF PHILOSOPHY

    Discovery and validation for composite services on the semantic web

    Current technologies for locating and validating composite services are not sufficient due to the following reasons.

    • Current frameworks do not have the capacity to create complete service descriptions since they do not model all the functional aspects together (i.e. the purpose of a service, state transitions, data transformations). Those that deal with behavioural descriptions are unable to model the ordering constraints between concurrent interactions completely since they do not consider the time taken by interactions. Furthermore, there is no mechanism to assess the correctness of a functional description.
    • Existing semantic-based matching techniques cannot locate services that conform to global constraints. Semantic-based techniques use ontological relationships to perform mappings between the terms in service descriptions and user requests. Therefore, unlike techniques that perform either direct string matching or schema matching, semantic-based approaches can match descriptions created with different terminologies and achieve a higher recall. Global constraints relate to restrictions on values of two or more attributes of multiple constituent services.
    • Current techniques that generate and validate global communication models of composite services yield inaccurate results (i.e. detect phantom deadlocks or ignore actual deadlocks) since they either (i) do not support all types of interactions (i.e. only send and receive, not service and invoke) or (ii) do not consider the time taken by interactions.

    This thesis presents novel ideas to deal with the stated limitations. First, we propose two formalisms (WS-ALUE and WS-π-calculus) for creating functional and behavioural descriptions respectively. WS-ALUE extends the Description Logic language ALUE with some new predicates and models all the functional aspects together. WS-π-calculus extends π-calculus with Interval Time Logic (ITL) axioms. ITL axioms accurately model temporal relationships between concurrent interactions. A technique comparing a WS-π-calculus description of a service against its WS-ALUE description is introduced to detect any errors that are not equally reflected in both descriptions. We propose novel semantic-based matching techniques to locate composite services that conform to global constraints. These constraints are of two types: strictly dependent or independent. A constraint is of the former type if the values that should be assigned to all the remaining restricted attributes can be uniquely determined once a value is assigned to one. Any global constraint that is not strictly dependent is independent. A complete and correct technique that locates services that conform to strictly dependent constraints in polynomial time is defined using a three-dimensional data cube. The proposed approach that deals with independent constraints is correct, but not complete, and is a heuristic approach. It incorporates user defined objective functions, greedy algorithms and domain rules to locate conforming services. We propose a new approach to generate global communication models (of composite services) that are free of deadlocks and synchronisation conflicts. This approach is an extension of a transitive temporal reasoning mechanism.