315,146 research outputs found

    Managing Web Services Security

    Dynamic selection of redundant web services

    In the domain of Web Services, it is not uncommon to find redundant services that provide functionalities to the clients. Services with the same functionality can be clustered into a group of redundant services. Correspondingly, if a service offers different functionalities, it belongs to more than one group. Having various Web Services that are able to handle the client's request suggests the necessity of a mechanism that selects the most appropriate Web Service at a given moment in time. This thesis presents an approach, Virtual Web Services Layer, for dynamic service selection based on virtualization on the server side. It helps manage redundant services in a transparent manner and allows services to be added to the system at run-time. In addition, the layer assures a level of security since the consumers do not have direct access to the Web Services. Several selection techniques are applied to increase the performance of the system in terms of load-balancing, dependability, or execution time. The results of the experiments show which selection techniques are appropriate when different QoS criteria of the services are known and how the correctness of this information influences the decision-making process.

    Situational Enterprise Services

    The ability to rapidly find potential business partners as well as rapidly set up a collaborative business process is desirable in the face of market turbulence. Collaborative business processes are increasingly dependent on the integration of business information systems. Traditional linking of business processes has a largely ad hoc character. Implementing situational enterprise services in an appropriate way will give the business more flexibility, adaptability and agility. Service-oriented architectures (SOA) are rapidly becoming the dominant computing paradigm. SOA is now being embraced by organizations everywhere as the key to business agility. Web 2.0 technologies such as AJAX, on the other hand, provide good user interactions for successful service discovery, selection, adaptation, invocation and service construction. They also balance automatic integration of services and human interactions, disconnecting content from presentation in the delivery of the service. Another Web technology, the semantic Web, makes automatic service discovery, mediation and composition possible. Integrating SOA, Web 2.0 technologies and the semantic Web into a service-oriented virtual enterprise connects business processes in a much more horizontal fashion. To be able to run these services consistently across the enterprise, an enterprise infrastructure that provides an enterprise architecture and security foundation is necessary. The world is constantly changing, and so is the business environment. An agile enterprise needs to be able to quickly and cost-effectively change how it does business and who it does business with. Knowing and adapting to different situations is an important aspect of today's business environment. The changes in an operating environment can happen implicitly and explicitly. The changes can be caused by different factors in the application domain. Changes can also happen for the purpose of organizing information in a better way. Changes can further be made according to the users' needs, such as incorporating additional functionalities. Handling and managing the different situations of service-oriented enterprises are important aspects of the business environment. In the chapter, we investigate how to apply new Web technologies to develop, deploy and execute enterprise services.

    Integrated Network Service Manager: a system for the integrated management of network services

    Cost reduction, simplified management, security and quality of service are fundamental targets when designing network services. Large organizations, which require great flexibility, often implement distributed services leading to the high cost of managing multiple servers. Transferring services from a distributed to a centralized model can reduce costs considerably. However, this choice could limit the freedom of peripheral administrators to manage their own services. We believe that the best solution is to strike a balance between the centralized and the distributed model: i.e., a hybrid management system, partly centralized, partly distributed. The idea is to centralize system configuration, maintenance and monitoring while distributing administrative tasks, typical of peripheral organization units, via web-based interfaces. We call this approach 'Centralized Management with Delegated Administration'. In this report we describe INSM (Integrated Network Services Manager), a system for managing e-mail and DNS services, based on the CMDA model.

    Dynamic Approach for Web Services Selection and Analysis of Security Protocols

    In the domain of Web Services, it is not uncommon to find redundant services that provide functionalities to the clients. Services with the same functionality can be clustered into a group of redundant services. Correspondingly, if a service offers different functionalities, it belongs to more than one group. Having various Web Services that are able to handle the client's request suggests the necessity of a mechanism that selects the most appropriate Web Service at a given moment in time. This thesis presents an approach, Repository Based Web Services Selection, for dynamic service selection based on virtualization on the server side. It helps manage redundant services in a transparent manner and allows services to be added to the system at run-time. In addition, the model assures a level of security since the consumers do not have direct access to the Web Services. This work describes different security aspects of Web Services and the technologies they use, and a framework to introduce message-level security to SOAP (Simple Object Access Protocol). The purpose of the session protocol is explained, along with the approach used to authenticate two Web Services with each other and how to establish a shared secret session key with which they can encrypt their messages to ensure confidentiality. Various security issues that became relevant during the design of the system and at the time of setting up the SOAP session are addressed in this work. The analysis of the session setup process proves that an adversary cannot break the protocol by interception, alteration or resending of messages.

    A High Performance and Platform Independent Web-Based Distance Learning Environment

    The growth of the Internet and the World Wide Web (WWW) has significantly increased the amount of online information and services available to the general population. The fast development of high-powered communication technology, together with an increasingly computer-wise society, has created new opportunities for the delivery of educational material and distance education on the Web. Among the popular Web-based distance learning systems are WebCT, Blackboard, Lotus LearningSpace and Virtual-U. However, these systems have limitations such as platform dependence, slow performance and high cost. In this thesis, a Web-based distance learning environment (WebEd 2000) has been developed using Java servlets and random access files to address these problems. It is essentially an extension of WebEd, a first working prototype of a Web-based distance learning system developed at the Broadband and ATM Research Group, Universiti Putra Malaysia (UPM). This new version provides significant improvement over its predecessor in various aspects, such as system performance, usability, scalability, security, reliability and stability. WebEd 2000 enables the delivery of conventional lecture notes over the Web and provides various tools to help in managing and maintaining course materials on a server. It also enables traditional face-to-face interaction to be carried out asynchronously via email and announcement services. Moreover, the system supports monitoring and tracking of students' activities as well as the management of students within a course. WebEd 2000 is mainly developed using a combination of Java servlets and JavaScript technologies. The server-side servlets, together with the binary format random access file, are used to process various client requests and store data, while the client-side JavaScript is used to enable DHTML features and perform less security-sensitive processes such as generating an input dialogue box, hence relatively lessening the workload of the server. Finally, WebEd 2000 can easily be set up and deployed on any platform with minimal modifications. Flexibility is achieved by utilizing Java technology for the system applications and a random access file for the system data repository. It is this platform neutrality of Java bytecodes and the binary file format that makes WebEd 2000 a completely platform independent Web-based distance learning environment.

    User-controlled access management to resources on the Web

    PhD Thesis. The rapidly developing Web environment provides users with a wide set of rich services as varied and complex as desktop applications. Those services are collectively referred to as "Web 2.0", with such examples as Facebook, Google Apps, Salesforce, or Wordpress, among many others. These applications are used for creating, managing, and sharing online data between users and services on the Web. With the shift from desktop computers to the Web, users create and store more of their data online and not on the hard drives of their computers. This data includes personal information, documents, photos, as well as other resources. Irrespective of the environment, either desktop or the Web, it is the user who creates the data, who disseminates it and who shares this data. On the Web, however, sharing resources poses new security and usability challenges which were not present in traditional computing. Access control, also known as authorisation, that aims to protect such sharing, is currently poorly addressed in this environment. Existing access control is often not well suited to the increasing amount of highly distributed Web data and does not give users the required flexibility in managing their data. This thesis discusses new solutions to access control for the Web. Firstly, it shows a proposal named User-Managed Access Control (UMAC) and presents its architecture and protocol. This thesis then focuses on the User-Managed Access (UMA) solution that is researched by the User-Managed Access Work Group at Kantara Initiative. The UMA approach allows the user to play a pivotal role in assigning access rights to their resources which may be spread across multiple cloud-based Web applications. Unlike existing authorisation systems, it relies on a user's centrally located security requirements for these resources. The security requirements are expressed in the form of access control policies and are stored and evaluated in a specialised component called Authorisation Manager. Users are provided with a consistent User Experience for managing access control for their distributed online data and are provided with a holistic view of the security applied to this data. Furthermore, this thesis presents the software that implements the UMA proposal. In particular, this thesis shows frameworks that allow Web applications to delegate their access control function to an Authorisation Manager. It also presents design and implementation of an Authorisation Manager and discusses its evaluation conducted with a user study. It then discusses design and implementation of a second, improved Authorisation Manager. Furthermore, this thesis presents the applicability of the UMA approach and the implemented software to real-world scenarios.

    A New Prototype for Intelligent Visual Fraud Detection in Agent-Based Auditing Framework

    While the U.S. Sarbanes-Oxley Act has been viewed by most as an onerous and expensive requirement, it is having a positive impact on driving appropriate levels of investment in IT security, controls, and transactional systems. This paper introduces a new secure solution for auditing and accounting based on artificial intelligence technology. These days, security is a big issue among regulatory firms. Big companies are concerned about their data being disseminated to their competitors; this high risk prevents them from providing full information to the regulatory firms. This solution not only significantly reduces the risk of unauthorized access to the company's information but also provides a framework for controlling the flow of disseminated information in a risk-free manner. Security is managed by a network of mobile agents in a pyramid structure, from regulatory organizations such as securities and exchange commissions and stock exchanges at the top of this pyramid to the companies at the bottom. Because of security considerations, our strategy is to delegate all fraud detection algorithms to the Intelligent Mobile Auditing Agent and have web services undertake all intercommunication activity. Web services can follow auditing activities in a predefined framework and can act based on the security allowance permitted to auditors. The current solution is designed around Java-based mobile agents. Such a design reaps strong mobility and security benefits. This new prototyped solution could be a framework for strengthening security for future development in this area. An insider trading case study is used to demonstrate and evaluate the approach.

    Security and VO management capabilities in a large-scale Grid operating system

    This paper presents a number of security and VO management capabilities in a large-scale distributed Grid operating system. The capabilities formed the basis of the design and implementation of a number of security and VO management services in the system. The main aim of the paper is to provide some idea of the various functionality cases that need to be considered when designing similar large-scale systems in the future