Out-of-Court Dispute Settlement Systems for e-Commerce. Report on an Exploratory Study.

Abstract not availableJRC.(ISIS)-Institute For Systems, Informatics And Safet

Security in a Distributed Processing Environment

Distribution plays a key role in telecommunication and computing systems today. It has become a necessity as a result of deregulation and anti-trust legislation, which has forced businesses to move from centralised, monolithic systems to distributed systems with the separation of applications and provisioning technologies, such as the service and transportation layers in the Internet. The need for reliability and recovery requires systems to use replication and secondary backup systems such as those used in ecommerce. There are consequences to distribution. It results in systems being implemented in heterogeneous environment; it requires systems to be scalable; it results in some loss of control and so this contributes to the increased security issues that result from distribution. Each of these issues has to be dealt with. A distributed processing environment (DPE) is middleware that allows heterogeneous environments to operate in a homogeneous manner. Scalability can be addressed by using object-oriented technology to distribute functionality. Security is more difficult to address because it requires the creation of a distributed trusted environment. The problem with security in a DPE currently is that it is treated as an adjunct service, i.e. and after-thought that is the last thing added to the system. As a result, it is not pervasive and therefore is unable to fully support the other DPE services. DPE security needs to provide the five basic security services, authentication, access control, integrity, confidentiality and non-repudiation, in a distributed environment, while ensuring simple and usable administration. The research, detailed in this thesis, starts by highlighting the inadequacies of the existing DPE and its services. It argues that a new management structure was introduced that provides greater flexibility and configurability, while promoting mechanism and service independence. A new secure interoperability framework was introduced which provides the ability to negotiate common mechanism and service level configurations. New facilities were added to the non-repudiation and audit services. The research has shown that all services should be security-aware, and therefore would able to interact with the Enhanced Security Service in order to provide a more secure environment within a DPE. As a proof of concept, the Trader service was selected. Its security limitations were examined, new security behaviour policies proposed and it was then implemented as a Security-aware Trader, which could counteract the existing security limitations.IONA TECHNOLOGIES PLC & ORANG

REMUS

Heutige Unternehmen verwenden mehr und mehr inter-organisationale/externe Services innerhalb ihrer internen Gesch ̈ftsprozesse. Die Vorteile dieses Service-Outsourcings sind vielfältig, und reichen von geringeren Wartungsaufwand bis zu Kostenvorhersage. Jedoch müssen Unternehmen, um sich nicht an einen einzelnen Anbieter zu binden, dafür sorgen, dass die verwendeten Services austauschbar sind. Um diese gewünschte Flexibilität bei der Serviceauswahl zu unterstützen ist ein Markplatz für Services, welcher auf einer gemeinsamen Menge von Regel aufbaut, nötig. In dieser Arbeit stellen wir ein hybrides Prozess und Service Verzeichnis vor, welches als Basis für solch einen Marktplatz verwendet werden kann. Die Einteilung in unterschiedliche An- wendungsdomänen mit gemeinsamen Schnittstellen unterstützt Kunden bei der Nutzung der angebotenen Services. Die Möglichkeit innerhalb der Servicebeschreibungen die Schnittstellen/Parameter zu transformieren erlaubt es Anbietern flexibel mit ihren Services umzuge- hen. Weiter stellen wir in dieser Arbeit einen Prototyp vor, welcher demonstriert, wie diese Information in Kombination mit adaptiven Workflowsystemen innerhalb von Cloud - Infrastrukturen verwendet werden kann. Um die Umsetzbarkeit der vorgestellten Konzepte zu zeigen wird eine Anwendung für mobile Geräte vorgestellt, welche ein reales Beispiel unter Einbeziehung des Marktplatzes ausführt.Today’s companies more and more embrace the utilization of inter-organizational services as part of their internal business processes. The benefit from this outsourcing is manifold, ranging from lower maintenance burden to predictable cost. One problem is, that for companies in order to not bind themselves to a single service provider, they have to ensure that the services they consume are interchangeable. Therefore a marketplace for services, based in a common set of rules, that allows companies to stay flexible when selecting business partners is needed. In this thesis we introduce a hybrid process and service repository acting as a base for such a marketplace. Organizing services into different application domains with a common interface allows easy usage of the provided services for the customers, while the support of interface transformation within service description keeps the vendors flexible. We further introduce a prototype system demonstrating how to use this information on in combination with adaptive workflow execution engine and Cloud infrastructures as a base. To proof the feasibility of the introduced concepts, a mobile client executing a real-world example is introduced

Adaptive object management for distributed systems

This thesis describes an architecture supporting the management of pluggable software components and evaluates it against the requirement for an enterprise integration platform for the manufacturing and petrochemical industries. In a distributed environment, we need mechanisms to manage objects and their interactions. At the least, we must be able to create objects in different processes on different nodes; we must be able to link them together so that they can pass messages to each other across the network; and we must deliver their messages in a timely and reliable manner. Object based environments which support these services already exist, for example ANSAware(ANSA, 1989), DEC's Objectbroker(ACA,1992), Iona's Orbix(Orbix,1994)Yet such environments provide limited support for composing applications from pluggable components. Pluggability is the ability to install and configure a component into an environment dynamically when the component is used, without specifying static dependencies between components when they are produced. Pluggability is supported to a degree by dynamic binding. Components may be programmed to import references to other components and to explore their interfaces at runtime, without using static type dependencies. Yet thus overloads the component with the responsibility to explore bindings. What is still generally missing is an efficient general-purpose binding model for managing bindings between independently produced components. In addition, existing environments provide no clear strategy for dealing with fine grained objects. The overhead of runtime binding and remote messaging will severely reduce performance where there are a lot of objects with complex patterns of interaction. We need an adaptive approach to managing configurations of pluggable components according to the needs and constraints of the environment. Management is made difficult by embedding bindings in component implementations and by relying on strong typing as the only means of verifying and validating bindings. To solve these problems we have built a set of configuration tools on top of an existing distributed support environment. Specification tools facilitate the construction of independent pluggable components. Visual composition tools facilitate the configuration of components into applications and the verification of composite behaviours. A configuration model is constructed which maintains the environmental state. Adaptive management is made possible by changing the management policy according to this state. Such policy changes affect the location of objects, their bindings, and the choice of messaging system

Engineering Automation for Reliable Software Interim Progress Report (10/01/2000 - 09/30/2001)

Prepared for: U.S. Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-2211The objective of our effort is to develop a scientific basis for producing reliable software that is also flexible and cost effective for the DoD distributed software domain. This objective addresses the long term goals of increasing the quality of service provided by complex systems while reducing development risks, costs, and time. Our work focuses on "wrap and glue" technology based on a domain specific distributed prototype model. The key to making the proposed approach reliable, flexible, and cost-effective is the automatic generation of glue and wrappers based on a designer's specification. The "wrap and glue" approach allows system designers to concentrate on the difficult interoperability problems and defines solutions in terms of deeper and more difficult interoperability issues, while freeing designers from implementation details. Specific research areas for the proposed effort include technology enabling rapid prototyping, inference for design checking, automatic program generation, distributed real-time scheduling, wrapper and glue technology, and reliability assessment and improvement. The proposed technology will be integrated with past research results to enable a quantum leap forward in the state of the art for rapid prototyping.U. S. Army Research Office P.O. Box 12211 Research Triangle Park, NC 27709-22110473-MA-SPApproved for public release; distribution is unlimited

Legitimisation of Foreign Direct Investment Screening Among Business Actors: The Danish Case

There has been a conspicuous shift in the European Union's perception of economic interdependence and open markets, manifested in a mushrooming number of screening policies aimed at verifying foreign direct investments raising national security concerns. The introduction of these policies can be viewed as a market constraint that might negatively affect business operations, so it is puzzling that some European business actors did not actively resist their adoption, despite having wide lobbying opportunities in Europe. I explore this puzzle using the case of Denmark by drawing on theories of securitisation and preference formation under uncertainty. I argue that business actors established their policy preferences in the context of uncertainty and the gradual increase in security framing by the European and local political elites. Exposed to these increasing security discourses across different levels and networks, businesses adjusted their policy preferences, balancing between different identities. The flexibility inherent in a multilevel and evolving securitisation process led to the legitimisation of investment screening policies among interest groups and mitigated their resistance to the imposition of market constraints on security grounds

Action Relations:Basic Design Concepts for Behaviour Modelling and Refinement

This thesis presents basic design concepts, design methods and a basic design language for distributed system behaviours. This language is based on two basic concepts: the action concept and the causality relation concept. Our methods focus on behaviour refinement, which consists of replacing an abstract behaviour by a more concrete behaviour, such that the concrete behaviour conforms to the abstract behaviour. An important idea underlying this thesis is that an effective design methodology should be based on a properly chosen and precisely defined set of basic design concepts. Properly chosen design concepts represent essential system conceptions (mental images) that are derived from the real world and allow a designer to conceive and structure the essential characteristics of a system. The set of basic design concepts and their combination rules is called a basic design model. We explain how a design methodology supported by design notations and automated tools depends on the basic design model. We introduce and motivate a limited set of basic design concepts that are necessary to design distributed systems. These concepts are structured into two related conceptual domains: the entity domain and the behaviour domain. This thesis focuses on the behaviour domain, which consists of the action concept, the interaction concept and the concept of causality relation. Therefore, we elaborate the action and interaction concepts in more detail and give a formal definition of these concepts. The elaboration of the causality relation concept comprises the main part of this thesis. In order to enable a systematic and modular development of the causality relation concept, we identify the important characteristics of relations between actions and structure these characteristics in an abstraction hierarchy. An action models the essential characteristics of a unit of activity that is performed by a single entity. We consider the following characteristics of an activity as essential: the result that is established by the activity, the moment at which the activity is finished and makes its total result available, and the location at which this result is made available. These characteristics are modelled by means of the information, time and location attributes of an action, respectively. We consider an interaction as a refinement of an action, which models how an activity is performed through the cooperation of multiple entities. A causality relation defines one or more alternative conditions for the occurrence of an action in terms of how this action depends on the occurrences or non-occurrences of other actions. An action occurrence is caused by (or depends on) only one of its alternative conditions, although multiple of these conditions can be satisfied at the same time. We consider the uncertainty or probability that an action occurs when one (or more) of its alternative conditions are satisfied as an important concept in the design of relations between activities. This concept is represented by the probability attribute, which defines, for each alternative 390 Summary condition of an action, the probability that the action occurs when this condition is satisfied. We distinguish three types of probability attributes: (i) the uncertainty attribute supports two uncertainty values: must and may, (ii) the integral probability attribute quantifies these uncertainty values, such that the must value corresponds to probability value 1, and the may value corresponds to a probability value in the range (0..1), and (iii) the stochastic probability attribute uses the time attribute of an action as a stochastic variable, such that a probability distribution function defines for the time period in which the action is allowed to occur, the probability that the action actually occurs. We start with an initial definition of the causality relation concept that supports the design of temporal ordering relations between actions, including the uncertainty attribute. Four elementary causality conditions are defined: the start condition, the enabling condition, the disabling condition and the synchronization condition. These elementary conditions can be composed into more complex causality conditions using the conjunction (and-) and disjunction (or-) operators. The disjunction operator is used to define multiple alternative causality conditions for an action. The uncertainty attribute defines, for each of these alternative conditions, whether the action must or may occur when this condition is satisfied. The initial definition of the causality relation concept is extended with the information, location and time attribute. This extension supports the design of the following type of constraints for each of these attributes: (i) the range of possible values that can be established in an action, (ii) how the value of an action depends on the values established in other actions, and (iii) how the occurrence of an action depends on the values established in other actions. Constraints involving different attribute types are also allowed, e.g., the time and location value established in an action may be referred to as information values by another action. The integral and stochastic probability attribute can be used instead of the uncertainty attribute to quantify the uncertainty of action occurrences. Two interpretations of these probability attributes are distinguished: (i) the simple interpretation defines for each alternative condition of an action the probability that the action occurs when this condition is satisfied, and (ii) the extended interpretation defines for each alternative condition of an action the probability that the occurrence of the action is caused by this condition once this condition enables the action. The extended interpretation allows one to model the probability of individual actions in, e.g., choice, disabling and interleaving relations. In order to define the formal semantics of causality relations, a so called execution model is introduced. In this model, a behaviour is defined by enumerating all possible executions of this behaviour. An execution represents the outcome of a possible run of a system that performs a specified behaviour. This outcome comprises the actions that have occurred, the information, time and location values that have been established in these actions, and how action occurrences are related in the particular execution. An execution also gets one or more probability values, which represent the probability that this execution is the outcome of a system run. In this respect, a behaviour is considered an experiment and an execution is considered a possible outcome of this experiment. The sum of the probability of all possible executions of a behaviour is equal to 1. Based on the basic design language, we present an integrated set of methods to perform behaviour refinement. These methods support two basic types of behaviour refinement: 391 causality refinement, in which causality relations between abstract actions are replaced by causality relations involving their corresponding concrete actions and some inserted actions, and action refinement, in which an abstract action is replaced by an activity involving multiple concrete actions and their causality relations. The methods are based on the assessment of the conformance relation between the abstract behaviour and the concrete behaviour that is obtained from the abstract behaviour by means of causality refinement or action refinement. This assessment involves the determination of the abstraction of the concrete behaviour and the comparison of this abstraction with the original abstract behaviour. Rules to perform the abstraction and comparison operations have been developed. In this thesis we extend the basic design language with the causality-oriented structuring technique defined in [16]. This technique allows one to structure a complex behaviour in terms of simpler sub-behaviours and their relationships. In order to model (infinitely) repetitive behaviours, this technique is extended with the means to (dynamically) create multiple instances of a single sub-behaviour (type) definition, including the means to refer unambiguously to each individual behaviour instance. The ideas presented in this thesis are applied to two case studies. We apply our behaviour refinement method to the design of a system that supports a client-server interaction. At the highest abstraction level we assume that direct interactions between the client application and the server application are possible. At a lower abstraction level we implement these interactions using a federation of remote traders, which communicate via a common communication infrastructure. We also apply our basic design language to the modelling of the behaviour of the OSI Connection-oriented Transport Service. This case study also includes the modelling of timing and probability characteristics imposed by the QoS parameters of the transport service

The Development Impact of Information Technology in Trade and Facilitation

Trade Facilitation (TF), or streamlining regulatory and other procedures involved in the import or export of goods, has received increasing attention in recent years as governments realize the significant impact inefficient trade procedures can have on their countries' trade competitiveness. Simplifying trade procedures and making them more transparent has also been identified as a way to make international trade more inclusive, as this would make it easier for small and medium-sized enterprises to engage in import and export activities. At the same time, however, many trade facilitation measures identified for implementation in developing countries-often with the support of development agencies-involve the use of modern information and communications technology (ICT), to which SMEs may not always have easy access.Trade, Foreign Direct Investment, Financial Crisis, Environment, Agricultural Trade Liberalization, WTO